Documente Academic
Documente Profesional
Documente Cultură
Overview
Contents
WHAT IS RISK MANAGEMENT ............................................................................................... 2
RISK MANAGEMENT DECISION CRITERIA ............................................................................ 3
COST BENEFIT....................................................................................................................... 3
RISK AVERSION...................................................................................................................... 3
AUTHORITATIVE REASONS ...................................................................................................... 4
POLICY BASED DECISIONS ..................................................................................................... 4
THE PROCESS OF MANAGING RISK ....................................................................................... 6
IDENTIFICATION OF HAZARDS ................................................................................................ 7
RISK ANALYSIS....................................................................................................................... 7
VALUE JUDGMENT OF THE RISK.............................................................................................. 7
Terminate ........................................................................................................................ 7
Transfer........................................................................................................................... 7
Treat ................................................................................................................................ 7
IMPLEMENTING AND MONITORING THE SYSTEM ....................................................................... 8
MEASUREMENT / AUDIT ......................................................................................................... 8
EVALUATION OF MEASUREMENT RESULTS ............................................................................... 8
R I S K
M A N A G E M E N T
O V E R V I E W
R I S K
M A N A G E M E N T
O V E R V I E W
There are four main reasons why people and organizations apply risk management:
As said earlier, the biggest reason for applying risk management is due to the
financial benefits. The basic philosophy is that money should only be spent if the
benefits outweigh the expenditure. In this context, the capital spent on installing a
sprinkler system is seen as an investment and it must produce a return. The return
on investment must be positive and preferably greater than the value usually
gained; otherwise the sprinkler should not be installed.
In order to be able to calculate a cost-benefit analysis, risk analysis plays a critical
role - as the comparison is basically between the risk involved vs. the money to be
spent in order to reduce the risk to an acceptable level.
Although important, it quite often happens that risk management is applied even
though it is not cost-effective, due to one or more of the reasons below.
Risk
Aversion
Another major reason why people and organizations apply risk management is
because man is averse to risk. Even people who regard themselves as risk-takers
are in fact, averse to risk. For example, a banker who operates in the private sector
would regard himself as a risk-taker. He is not actually a risk-taker. Before lending
money, he will take every possible step to ensure that he has adequate security for
the loan.
3
R I S K
M A N A G E M E N T
O V E R V I E W
Because of this natural aversion, people take steps to reduce risks, even if the steps
are not cost effective. Imagine trying to convince the shareholders after a R50m
fire loss, that you had decided not to purchase a sprinkler system because you
regarded it as being not cost effective. After a major loss, no one is particularly
interested in cost to benefit calculations.
The decision to implement risk control measures - based on risk aversion - is
influenced by the magnitude of potential losses and the cost of the control
measures. The following usually influences the decision:
Authoritative
reasons
Authoritative reasons play a major role in the decision for the implementation of
risk control measures. Together with aversion to risk, not many managers would
argue about implementing a control measure if he knows that failure to do so
could result in a jail sentence or being charged with culpable homicide if an
employee is killed due to his failure to comply with legislation.
The most common forms of authoritative reasons are:
Legislation
Policy Based
Decisions
In practice, many decisions are simply policy based decisions. If the companys
policy is that its employees are important, it will probably have an effective system
for prevention and treatment of occupational injuries and illness in the work place.
Another company may decide that they want to obtain ISO 9000 certification in
order to enhance the quality and image of their product, and would therefore
develop and implement a quality assurance system. It often happens that chemical
companies for example, want to improve their image with the general public and
would spend large amounts of money on environmental issues. Although the
original motivation may not have been specific to risk management, risk
management would benefit.
R I S K
M A N A G E M E N T
O V E R V I E W
RISK CONTROL
RISK FINANCING
Fire
Security
Safety
Occupational Health
Environmental Management
Maintenance
Quality Management, etc.
Retention
Financing
External
Financing
R I S K
M A N A G E M E N T
O V E R V I E W
TREAT
TOLERAT
TRANSFER
R I S K
M A N A G E M E N T
O V E R V I E W
Identification
of hazards
Risk Analysis
Once the hazards have been identified, the level of risk and the threat that it poses
to the organization has to be analyzed and determined. At this stage the adequacy
of present safeguards must also be considered.
Value
judgment of
the risk
With the extent of the risk known, a decision has to be taken whether with the
existing safeguards, the risk is acceptable or whether something needs to be done
about it. Should the level of risk be found to be acceptable, it could be tolerated
but measuring and monitoring is required to detect any change in the level of risk.
Risk reduction
This is part of the risk management process where the strategy for dealing with
specific risks is formed. Any of the techniques of risk control or risk financing
may be selected here; as a general guideline, however, it is wise to combine at least
one control measure with at least one financing technique for each risk faced.
Terminate
This is strictly a risk control technique and this approach is a synonym for risk
avoidance. It should be thought of as including both the refusal to expose the
organization to a risk in the first place and the complete elimination of a risk that
is already present in the operation. This is the only risk management technique
designed to be used without any others.
Transfer
Perhaps the most common risk transfer is to finance losses through insurance, but
many types of contractual transfers are also common. Risk control plays an
important part here too, since transfers are not foolproof and almost always leave
some chance that the transferor may suffer a loss.
Treat
Also related to risk control, treating the risk includes the techniques known as
risk control, or loss prevention, and reduction. Note that when these techniques
are applied, the risk still exists; the tools are designed to stop or reduce losses only.
For example, wearing a hard hat does not eliminate the risk of being struck by
falling objects; it only prevents or reduces injuries. Risk treatment is a vital area of
activity for reasons that will be examined later.
7
R I S K
M A N A G E M E N T
O V E R V I E W
Implementing
and
monitoring
the system
With work identified and standards set, the required control measures are
implemented.
Measurement
/ audit
It is often found that control measures are implemented and never reviewed unless something drastic - e.g. a major incident - occurs. Therefore, in order to
ensure that the control measures are indeed as effective as was intended, they need
to be monitored and measured. This measurement can be in the form of regular
measurement by sampling, or by comprehensive measurements - such as auditing on a periodic basis.
Evaluation of
measurement
results
Once all the risks have been reduced to acceptable levels, the Risk Management
process will not end. It is necessary to continue with risk control. This is the
process to ensure that all the measures put in place to reduce the risks to
acceptable levels are adhered to, or to identify hazards that have not been
identified earlier. As can be seen from the Figure below, risk control can be done
by means of inspections and incident/accident investigations.
R I S K
M A N A G E M E N T
O V E R V I E W
Risk Control
Verification
by
Inspection
Incident/Accident
Investigations
Corrective Action
Update
Risk Profile
-------------X------------