In Chapter 1, we have cited case law and country-specific legislation that mentions requirements for employers with regard to duty of care, but how does one “bring that down to a personal level that gets a board of directors’ attention?”
Hydro One’s Qualitative Risk Appetite Rating Scale Three Powerful Questions
Rating hydro
one
Risk Taking
Philosophy Tolerance for Uncertainty How willing are you to accept uncertain outcomes?
Choice
When faced with multiple options. how willing are you to select an option that puts this objective at risk?
Trade-Off How willing are you to trade-off this objective against achivement of other objectives?
• Only three questions are needed to get a good sense of executives’
risk appetite.
5-Open Will take
justified risks Will choose option with highest
return, accept possibility of failure Willing Willing under certain conditions Prefer to avoid
With extreme reluctance Never Will choose to put at risk, but will manage the impact
Will accept if limited, and heavily out weighted by benefits Will accept only if essential, and limited possibility/extent of failure Will select the lowest risk option, always
Fully anticipated
Expect some
Limited
Low
Extremely Low Will take strongly
justified risks Preference for safe delivery Extermely conservative
“Sacred” risk avoidance is a core objective 4-Flexible
3-Cautious
2-Minimalist
1-Averse
• Asked in sequence, these questions help register a real understanding of committing to a risk appetite.
1 2 3
Example questions for understanding your organization’s risk threshold or “appetite.”
Source: Provided by the Association for Financial Professionals, Inc. Nilly Essaides,
“Enterprise Risk Management Beyond Theory: Practitioner Perspectives on ERM,” Corporate Treasurers Council and Association for Financial Professionals, Inc., 2013, p. 25, http://www.
pwc.com/us/en/risk-management/assets/beyond-theory.pdf. Copyright 2013, Association for Financial Professionals, Inc.
At a high level, before presenting a Travel Risk Management Maturity Model (TRM3) business case to board members or executives in support of investing in
11
Building a Travel Risk Management Program 180
programs and solutions to help with global travel risk management, lays the founda- tion for the conversation with the following context:
1. Who is responsible for duty of care?
a. For someone to justify a claim in common law negligence, they must first prove that a duty of care was owed them. In general, courts test this question with the following criteria:
i. Is there a relationship between the parties involved?
ii. Was the damage or injury foreseeable?
iii. Is it reasonable, fair, and just to impose a duty of care?
2. Was the duty of care breached?
a. When duty of care has been determined to be established between the parties, the claim- ant must be able to prove a breach took place.
i. This is where proof of an industry standard, and how the party with the duty of care lives up to such a standard, is critical (i.e., a TRM3 analysis)
1. A TRM3 analysis can provide proof of some standard and comparison against other companies, of what duties or efforts are reasonable, as well as if the com- pany is meeting those standards according to the analysis (separate from the specific incident at hand) over time if the TRM3 assessment is a part of an annual continual process improvement exercise.
3. Were there damages?
4. Were the damages in question foreseeable or preventable?
In the absence of a formal travel risk management (TRM) program, most compa- nies will struggle to answer these questions sufficiently to defend themselves against a claim of duty-of-care negligence if sued.
The value of a human life
Finally, we get to the unpleasant topic of how some companies or governments come to associate a financial value with a human life. Based upon previous topics covered in this book, the potential for employer losses can vary widely, potentially resulting in a collectively large amount, depending upon the type of incident, visibility of the incident, and the impact on business continuity. However, one factor that sometimes comes into play within some corporate cultures when assessing what to spend on cer- tain mitigation strategies or response and recovery missions is how one measures the value of the life, or remainder of life, in question. Economists consider the value of a statistical life (VSL) when people consider the risk-to-reward tradeoffs with regard to their health. However, this is different from the value of an actuarial life, based upon the likelihood of death. In an actuarial life, you have to consider the average life expectancy of the person in question based upon demographics, as well as how much of that person’s life has statistically lapsed or taken place, based upon their age.
In 2015, the U.S. Transportation Department noted the statistical value of a single life as US$9.4 million,1 but there are many models used for different reasons.
1 U.S. Department of Transportation, “Guidance on Treatment of the Economic Value of a Statistical Life (VSL) in U.S. Department of Transportation analyses — 2015 Adjustment Memorandum, June 17, 2015, https://www.transportation.gov/sites/dot.gov/files/docs/VSL2015_0.pdf.
Finding the money for travel risk management 181
While most people believe that a human life is priceless, some companies do look at variable statistical values of a human life to determine some risk thresholds and what they will and will not spend in terms of mitigation or potential for damages.
Baseline considerations for your TRM business case could include:
1. Build your case with relatable examples, using your companies top travel destinations or processes impacting travel (possibly meetings and events). Use the following examples for inspiration to find your own:
a. Do you have five or more employees traveling to the same destination at the same time?
Can you detect any flight with an exceeded number of employees traveling on the same flight, before they travel? Remember the company with 20 employees on Malaysian Airlines flight 370? Imagine trying to defend the company for not being able to prevent so many employees from traveling together at once? What kind of costs in damages were incurred, as well as loss of business continuity and reputation?
b. Do you mandate a travel policy that includes exclusive use of company-designated travel management companies (TMCs)? If the company doesn’t have pretrip insight into reservations data, including where and when people are traveling, there is little potential for mitigating risks prior to travel, providing adequate training and disclosures to travelers.
c. Does your company have internal teams, along with third-party crisis response resources to have planned protocols and responses to support medical or security related emergen- cies including, but not limited to:
i. Ebola ii. Civil unrest iii. Earthquakes iv. Tsunamis
v. Hurricanes/typhoons
vi. Individual traveler emergencies (sickness, assault, etc.) vii. Death of a traveler on the road
d. How prepared is your company should a traveler get hurt at a hotel that the company required use of, in the absence of safety and security standards for corporate-preferred hotels?
2. Provide examples of international law that reflect both financial penalties and criminal penalties for company executives, and in some countries (e.g., Australia), for mid-level managers as well who are found negligent in their duty of care.
3. Provide each investment stakeholder with the iJET whitepaper on the TRM3 risk assess- ment process for context (regardless of what TRM solution or supplier you use).2
4. Provide each investment stakeholder with the benchmarked TRM3 analysis scorecard for your organization, showing how your company rates in each key process area. Most com- panies beginning this process score almost completely reactive and unprepared for fulfilling what would be considered “reasonable best efforts” compared to industry peers for duty of care standards. This is why complete honesty is essential in conducting the TRM3 analysis, so that plans can be employed for real and tangible improvements that result in positive change and reduced risk exposure.
2 iJET, “Travel Risk Management & Maturity Model (TRM3),” http://info.ijet.com/resources/whitepaper.
Building a Travel Risk Management Program 182
5. Compile a list of all insurance and contracted medical and security providers for your com- pany globally, and conduct a cost-to-benefit analysis for the following:
a. Will your current insurance providers discount your premiums with the implementation of a comprehensive TRM program?
b. Is it beneficial to put your global insurance requirements out to bid for cost savings and global standardization of standards and services.
i. Most TRM solutions providers are partnered with global medical and security insurance companies who can provide competitive solutions at competitive rates in conjunction with a TRM program.
6. Share the cost of parts or all of the program with departments or customers:
a. Transactionalize the cost of your TRM solution via your TMC and include it in your TMC transaction fee. If possible, include these fees with your billable expenses to clients for project work.
b. Find funding from departments other than travel to supplement or cover the cost of TRM solutions (Legal, Human Resources, Security, HSE (health, safety, environmental), etc.).
The following is an example of how to break down your annual TRM solution subscription or license fee costs into your TMC transaction fees:
Company A uses ABC123 Travel Management Company (fictional) globally, which supports approximately 10,000 transactions annually at a cost of $30 per trans- action (for discussion purposes only). The annual cost of Company A’s TRM solution license fees are estimated US$30,000, excluding case fees or third-party services (e.g., includes technology, intelligence and crisis hotline). While Company A may be required to prepay the cost of the US$30,000, it can perhaps recoup most or all of its TRM program subscription or license fee costs if its travel costs are billable to its customers in the following manner:
Annual TRM base costs: US$30,000
Divided by number of TMC transactions: 10,000 transactions Equals cost per transaction for base TRM program: US$3.00 per transaction Plus the standard TMC transaction fee: US$30.00 per transaction Equals combined TMC/TRM fee per transaction US$33.00 per transaction
Example baseline components of TRM subscription based solutions available for licensing include:
1. Basic itinerary-based traveler tracking—Cost item with many premium, TRM solution providers. Free with some TMC core offerings.
2. GPS-based traveler tracking—Cost item with many TRM solution providers. Free with some TMC core offerings. This feature transmits a latitude and longitude based location in the TRM solution reporting dashboard for the moment when the traveler transmits a “check in” signal. It does not provide tracking of continuous movement.
3. Intelligence-based travel alerts—Cost item when distributed to travelers, using quality risk intelligence (not news) with either TMC or TRM solution provider. Some TMCs provide no-cost alert subscriptions to a small number of individuals at each of client’s companies that are involved with TRM.
Finding the money for travel risk management 183
4. Messaging capabilities—Cost item with both TMC and TRM solution provider programs.
Often includes traveler communications from system reports via e-mail, SMS text message, or push message via mobile applications.
5. Crisis response hotline—Sold by TMCs or TRM solution providers, but always powered by TRM solution providers, this hotline should be one consolidated resource/phone number for travelers to call from anywhere in the world should travelers experience a crisis, such as medical or security issues, theft, assault, or intellectual property loss. This is separate from a TMC’s after-hours emergency hotline for reservations.
6. Special intelligence reports—Airline safety reports, hotel safety assessments, health assess- ments based upon geography, etc.
7. Satellite tracking—With the use of satellite phones and special TRM solution features, select user’s movements can be tracked as the user moves. This is especially important for some industries working in remote, isolated areas, such as offshore oil rigs or remote, unpopulated areas. This is a cost item, typically only provided by TRM solutions providers.
8. Global medical services and evacuation network access only—An “access only” program is typically for those companies who have insurance in place that will pay for these services as needed, but do not necessarily have the global resources to support the client in question.
The “access provider” can provide the support and can coordinate payment with the client’s insurance provider(s).
9. Global medical services and evacuation network access plus insurance—In the absence of separate corporate insurance relationships to pay for access and services via a global medi- cal services and evacuations provider, both the access to the network and the insurance to pay for services rendered would be provided by the same supplier. Most major TRM solu- tions providers have partnerships to offer both “access only” and “access plus insurance”
options. It is important that your TRM solution provider, who does the case management via its crisis response hotline for any medical or security-related services, be agnostic as to who the client chooses to use for medical services or payment, even if it has a preferred partner in this area. This is because many clients have preexisting relationships that they want to maintain, which can and should be managed within the full scope of the client’s TRM and crisis response protocols with their TRM solution provider.
How do I show a return on investment on risk management?
In essence what you are trying to achieve is to show value for things that don’t happen, because in fact you are managing the risks well. If you use the fundamental concept of
“How would we be able to defend ourselves against litigation, should we need to prove that we made ‘reasonable best efforts’ as compared to our peers within our industry?”, then detailed, year over year documentation of those efforts is a good place to start.
That happens with following the TRM3 assessment process as part of an annual business process improvement exercise with benchmarked analysis reports. Investment will be required to raise your scores on the assessment to acceptable levels and then to maintain them on an ongoing basis. The potential for loss, which should also be a part of the return on investment (ROI) discussion, should call investor’s attention to:
1. Loss of reputation.
2. Loss of operations or business continuity.
3. Loss of trust from employees and customers.
Building a Travel Risk Management Program 184
4. Loss of ability to obtain and keep new talent (risk management and safety are key considera- tions for new hires in today’s global economy).
5. Loss of cash or capital for lack of preparation or coverage. Always consider the cost for the transfer of financial risk via insurance products, or a cost benefit analysis for self-insurance covering:
a. Medical-related incidents b. Security-related incidents c. Fleet-related incidents
i. Liability coverage ii. Personal accident coverage d. Business interruption insurance
i. Stop loss limitations ii. Liability coverage iii. Excess liability coverage iv. Political risk/liability coverage
Savings via self-insurance
Simply doing the initial and ongoing analysis for whether or not to self-insure, can be costly and time consuming, but for large organizations whose employees travel inter- nationally, self-insurance is another effective tool as part of an ERM (enterprise risk management) strategy. However, self-insurance, in essence, is based upon a company or organization allocating enough money to compensate for potential losses, based upon predictable and measurable risks using claims histories (usually spanning a mini- mum of 2 years) and legal/regulatory requirements for minimum coverage depending upon the item, person, or operation being covered, along with the jurisdiction. Self- insurance doesn’t necessarily mean no insurance, as is the case with providing legal minimums for fleet-related liability insurance via self-insurance, along with excess liability insurance where additional coverage may be needed by market or jurisdiction.
Many companies with large vehicle fleets under management self-insure damage to the vehicles themselves, but have some sort of personal accident and liability cov- erage largely because estimating these amounts can often be difficult, in contrast a predetermined value of the vehicle assets.
While self insured companies can sometimes benefit from costs savings depending upon the findings of their claims reviews and financial analysis, savings must be bal- anced with the added cost of policy administration and claims processing, which can sometimes be outsourced to third party administrators.
Additional benefits of being self-insured can include customized plans, catering to the specific needs of the business, and faster claims processing and enhanced cash flow.
Business continuity or operational resiliency plans
If you could, sit down with your CTO and ask the question, “What is the cost to our organization for one hour of network downtime?” When it comes to critical
Finding the money for travel risk management 185
infrastructure and operations, many IT departments know these numbers as they are a part of business cases for disaster recovery, or business continuity plans. According to Gartner3, based upon industry surveys, the average cost per minute of network downtime is $5,600 USD, which is over $300k USD per hour. In contrast, think about the potential costs or losses associated with project delays, lost sales, manufacturing inefficiencies relative to your inability to safely move key personnel in and out of work or client site locations, where their presence is required? According to the U.S. Travel Association, statistical models over 18 years and 14 industries indicate that for every dollar invested in business travel, U.S. Companies have experienced a $9.50 return in terms of revenue4. With that in mind, it is arguable that the resources and support provided through a managed travel program and TRM, be looked at holistically as investments in business continuity or operational resilience, and perhaps partially funded from those budgets accordingly.
Using OSHA (Occupational Safety & Health
Administration) – U.S. Department of Labor Data for TRM Investment Business Case
In the United States, workplace safety guidelines are enforced at the federal level by OSHA (Occupational Safety & Health Administration). Business travel is widely agreed upon as an extension of the workplace, from a legal and operational perspective;
therefore, while unofficial, the case could be made that statistics on savings relative to workplace safety inspections and programs via OSHA for example, investment in TRM programs and resources should be considered in kind. On the OSHA.gov website5, OSHA cites a study showing a 9.4% drop in injury claims and a 26% average savings on workers’ compensation costs during four years after a Cal/OSHA inspection in com- parison to a similar group of uninspected work locations.
Leveraging ERM (enterprise risk management) identifying claims and costs savings opportunities
Building a business case for investment in TRM can be very challenging, especially if your foundation is primarily based upon cost avoidance. One of your biggest chal- lenges may be doing the due diligence necessary to identify, document and correlate potential cost savings to the company, based upon your proposed TRM program. This is where there may be some opportunity for consolidation between TRM and your
3http://blogs.gartner.com/andrew-lerner/2014/07/16/the-cost-of-downtime/.
4https://www.ustravel.org/sites/default/files/Media%20Root/5.2015_BizTravel_Report.pdf.
5https://www.osha.gov/dcsp/products/topics/businesscase/.