
Most organisations and Local Governments understand and manage their enterprise-wide risks using recognised industry standards such as ISO 31000:2018, but do not understand how to effectively and efficiently manage ‘Insurable Risks’, usually delegating this process to an insurance intermediary, being an insurance broker, agent or direct insurer.

 

Landell is not an insurer, an insurance broker or an insurance agent and has no relationship with any insurers, risk financiers, brokers or agents.

 

Landell is an independent insurable risk management strategist, providing Insurable Risk Profiling, Gap Analysis and expert Insurance / Risk Transfer tender management services for Local Government, Sport, Not-for-Profits and Corporations.

 

Our clients, on average, save 27% per annum on insurance and risk management costs, enjoy broader coverages and peace of mind that their insurable risks have been identified and they have appropriate insurance coverage at the right price.

 

Landell's Insurable Risk Management service offering focusses on identifying an organisation's risks that can be insured, ensuring its risk insurance requirements are clearly defined, and managing tenders to maximise the value of insurance, whilst minimising cost.

 

Landell's Insurable Risk Management service offering is innovative and provides a holistic assessment of an organisation’s risk management and insurance programs and strategies. We focus on all key aspects of the organisation's core insurable risks and insurance programs, ranging from coverage and pricing, through to broker services, advocacy, and insurer security, all of which are critical to ensuring a sound, efficient and effective insurance program. We tailor the scope of our services to match each customer's requirements, and they may include the following comprehensive risk and tender management services:

  • Insurance Broker Tender Management;
  • Insurable Risk Profiling, including Gap Analysis; and
  • Risk Appetite, Tolerance and Retention, including Loss Limit Validation.

 

Tender Management for Broking & Insurance Services

 The deliverable, quantifiable benefits can include:

  • Independent, expert management and advice, assuring compliance with legislative requirements, organisational policy and best value practices
  • Unbiased tender management, providing the optimum amount of competitive tension and avoidance of broker reserving practices
  • Insurance program benchmarking, resulting in improved structure
  • Improved and appropriate risk management services
  • Enhanced coverage opportunities
  • Reduced annual insurance and broker services’ costs
  • Provision of appropriate criteria for effective decision-making
  • No requirement to change broker/s and/or insurer/s for organisations to benefit from this review process
  • Negotiation of Broker Service Level Agreement (Contract)
  • Oversight and provision of risk management, risk transfer of Factual Information for the period of the contract 
  • Assurance that an organisation’s broker is their agent/fiduciary and not the agent of any insurers to the organisation’s program
  • Oversight of Council’s broker and insurers risk transfer and management

 

Insurable Risk Profiling and Gap Analysis

The deliverable, quantifiable benefits can include:

  • Identification and assessment of core insurable risks
  • Identification of coverage deficiencies, including deficiencies in cover, gaps in cover and over or under-insurance
  • Closure of gaps and removal of deficiencies in cover
  • The alignment of the identified core insurable risks to the organisation's insurance and/or risk transfer program
  • Provision of appropriate information for critical decision-making and compliance
  • Assurance that an organisation's Risk Transfer Program is 'fit-for-purpose'
  • The oversighting of a review of risk appetite, tolerance and retention
  • Oversighting of a review of Business Interruption risks and coverage
  • Oversighting Cyber Risk profiling and security audit.

 

Risk Appetite, Tolerance and Retention, and Loss Limit Validation

If an organisation is over-insured, it is wasting risk capital. Conversely, if an organisation is under-insured, it is exposed to events which may cause substantial unforeseen losses. This service can therefore include one or more of the following deliverables and benefits:

  • Assessment of the organisation’s financial strength to determine whether higher or lower insurance deductibles should be considered
  • Working with the organisation’s preferred broker to review the organisation’s risk tolerance level and appetite to retain risk (i.e. self-insured retention levels) and to investigate options, innovations and best-value pricing
  • Determining an organisation's acceptable loss limits to validate the levels of coverage it is purchasing, and to ensure that risk capital expenditure is optimised

 

Other value-added IRM services

Management of insurable risks can require the application of a broad range of skills and specialisations, depending on the client's needs, industry sector and risk tolerance. Landell's IRM core offerings may include one or more of the following additional services:

  • Review of Risk Transfer strategies and Broker Service Level Agreement / Services
  • Benchmarking of Broker fees, commissions, bonuses, profit-sharing contingency agreements with Insurers
  • Review of preferred Broker’s agency and underwriting agency agreements with Insurers in relation to fiduciary duty and advocacy
  • Cyber Risk Profiling and Security Audit
  • Policy Wording Review and Coverage Benchmarking
  • Benchmarking Indemnity Levels, Deductibles & Costs
  • Strategic Risk Reviews
  • Development of Risk Frameworks and Processes
  • Enterprise-wide Risk Assessment facilitation, including grading to ISO 31000:2018
  • Business Continuity & Crisis Management
  • Health, Safety and Environmental Risk Management Solutions
  • Workers' Compensation and People Risk Solutions

 

 

At Landell, in addition to "traditional" negative risk identification and mitigation, we pride ourselves on being able to assist our clients to rebalance their risk frameworks to capture valuable opportunity.

 

Balanced Risk Approach.pdf

 

Agile versus Traditional ICT Procurement

 

Often organisations are seeking to deliver an ICT-enabled change project in an Agile manner with external resources, and sometimes this includes a technology acquisition.

 

Agile approaches are a response to conditions that do not favour linear approaches to delivery, and the contract needs to support this while providing you with sufficient controls to manage a successful outcome.

 

Landell has compiled a list of the major differences between a traditional ICT procurement and an Agile procurement. To discuss what these might mean for your project, please contact us.

 

Differences between Agile and Linear ICT Procurements.pdf

 

A Complexity Heat Map for your ICT-enabled change project will aid the way you plan and make decisions for successful delivery

 

As complexity increases, knowing all possible (realistic) outcomes and making the right decisions to anticipate known potential and unforeseen events becomes more difficult.

 

Understanding the level of complexity that your ICT-enabled change project could be subjected to can provide the frame of reference you and your stakeholders need to plan and deliver successfully.

 

The Complexity Heat Map: The Catalyst that Turns Uncertainty into Action

 

Landell (ICT commercial advisory and procurement experts) with risk experts Broadleaf have developed the Complexity Heat Map. The Complexity Heat Map provides you with an indicative assessment of factors from which complexity and uncertainty can emerge. Below is a Complexity Heat Map of an ICT change project that is trending towards complexity.

 

Example Complexity Heat Map


With interpretive advice from Landell and Broadleaf, the Complexity Heat Map can be the basis of dialogue between you and stakeholders to:

 

  • shape the right delivery approach considering levels of uncertainty and volatility;
  • intervene or change direction to avoid or simplify the complex;
  • accept complexity and take more flexible and contingent approaches to manage it, and
  • effectively respond as unforeseen events emerge.

 

Importantly, if your project presents low levels of complexity then decisions can justifiably be taken to leverage efficient approaches with tried and tested quality controls.

 

Obtain a Complexity Heat Map

 

To obtain a Complexity Heat Map, a short 10-minute survey needs to be completed by one or more people.

 

The greatest value comes when key project personnel and stakeholders participate in the survey. When this occurs, the Complexity Heat Map plots both diversity of opinion and areas of complexity, which are invaluable for planning and decision-making no matter where you might be in a project.

 

Once the survey is completed, Landell and Broadleaf will produce your Complexity Heat Map along with a short brief on what approaches you might consider. There is no charge to obtain your Complexity Heat Map.*

 

To obtain a Complexity Heat Map just for yourself, click on this link.

 

To conduct a Complexity Heat Map for multiple people, please contact us.


 

Based on the Principles of the Cynefin Framework

The Complexity Heat Map is based on the globally renowned framework for complexity called the Cynefin Framework (Snowden). The Cynefin Framework is a tool to help decision-makers sense environmental conditions and act accordingly for success.

 

To find out more you can read the following Harvard Business Review extract.

 

Complexity Heat Map Overview.pdf

 

*If over 10 people need to be surveyed, a small fee may be payable.

 

Educated Staff: Your Biggest Strength or Weakest Link Against Cyber Attack

Written by Nicholas Leask

 

There is that iconic scene in Terminator 2, where the assassin cyborg from the future arrives at John Connor’s home. The cyborg is interested in John because in the future he will be the leader of human resistance against Skynet. The cyborg is dressed as a police officer and asks the foster parents where John can be located, and gains access to personal information about John in the form of his photograph. The audience knows this is a horrible setup, but the parents are disarmed by the presentation of a seemingly authentic police officer, who by law and social norms, they are required to comply with.

 

 

The Need for Employee Awareness

In the cyber security domain this is known as a Social Engineering Attack – a situation where someone looks to exploit human psychology as a way of gaining an advantage. This situation is very hard to protect an organisation against, because of ingrained human behaviours.

 

When I started working in IT security in the early 1990s, we used to worry about two types of IT security exploits:

 

  1. Technical: Where weaknesses in software or infrastructure are exploited using specific tools.
  2. Social Engineering: Where people are targeted by charismatic people with a good story.

 

We used to worry about the person turning up at our Data Centre in overalls with a toolbox, claiming to be there to fix the broken fluorescent lights as a way to get hands on our data.

The most difficult cyber security exploits right now, such as Ransomware and Phishing, represent the worst combination of Social Engineering Attacks using everyday technology. The main defence against these types of vulnerabilities is the awareness of your employees.

 

Delivery of Awareness Training to a Government Agency

It is important to recognise that a holistic cyber security capability within an organisation relies on two things:

 

  1. Corporate posture: That is, processes, procedures, and technologies that protect key business assets.
  2. User capability: The knowledge and ability of each employee to be able to identify and deal with cyber security issues they may encounter.

 

With this in mind, and at the request of one of our clients, we developed a one-hour cyber security awareness training package, designed to improve the awareness and readiness of their staff. It really worked, and encouraged lots of discussions throughout the office. Nice job!

 

The training is designed to be interesting, informative and interactive. We covered off topics to define cyber security and to understand why cyber security is a problem that impacts all organisations and employees. We presented a number of case studies of real world incidents and held discussions about why and how they occurred, as well as the impact they had on the target and their customers.

 

Once the participants had worked through that background information, we held an interactive session looking at real-world scenarios and how individual staff can identify and avoid situations that may lead to the compromise of data, credentials, or provide an avenue for access to business systems. 

 

Keys for Cyber Secure Users

Cyber security from a user perspective is dependent on the following capabilities and practices:

 

  1. Have a known process for responding to an incident
  2. Practise safe surfing; avoid untrusted sites
  3. General-use PC logins should not have Administration-level rights
  4. Use unique logins for all sites and applications (and a password manager)
  5. Continue using virus scanner technologies on PC devices
  6. Avoid USBs from unknown sources

 

Creating Awareness Among Your Staff

The training package we developed is engaging, interesting and encourages great learning and discussion. If you are interested in running some user awareness training for your staff, drop me a line.

 

Nicholas is Landell’s Principal for Information Technology.