Documente Academic
Documente Profesional
Documente Cultură
designing the business and training its employees to minimize losses, rather than just buying
insurance to cover losses. In other words, the management of risk can be scientific, not so much
through controlled experiments as is done in traditional science, but by studying losses to
understand why the loss occurred and how it can be prevented or mitigated. Information gained
from studying losses could thus be compiled and promulgated to others with similar risks.
Moreover, such information is increasingly used in expert systems, computer systems that not
only store extensive knowledge, but also apply that knowledge through the use of algorithms
based onanalytical principles developed by experts.
Risk management is used by small employers, corporations, nonprofit organizations, and
federal, state, and local governments. Even people can benefit from a personal risk
management program. Risk management is an important subdivision of most businesses,
since the viability of any business will depend on how well it controls and finances risk.
The cost of risk includes premiums, retained losses, financial guarantees, internal administrative
costs, outside risk management services, and taxes, fees, and other related expenses. Since the
term risk has several meanings, risk managers often use the term loss exposure to remove any
ambiguity as to what is meant. A loss exposure is any situation where a loss is possible,
whether loss occurs are not.
Losses and the cost of managing risks reduces the profitability of the business. Therefore, that
profitability depends on eliminating or reducing the cost of losses and of managing the risks,
which is the function of the risk manager. The main concern of the risk manager is to determine
how much risk to retain and how much should be transferred through insurance or other
available means. Additionally, the risk manager requires detailed knowledge of the types of
insurance that are available and their costs, so that the best decision can be made.
Risk management for most firms is probably the responsibility of at least several people.
Generally, the larger the organization, the more likely they will have a department devoted to
risk management. Additionally, many types of businesses will have specific employees whose
duty is to manage particular types of risks. For instance, banks and other financial institutions
generally have one or more people whose only job is to ensure that the bank complies with the
laws and regulations affecting it. Many types of risk, such as legal or financial risk, require
specialized knowledge, so it is typical that these types of risk will be managed by people
specialized in those specific areas, usually as 1 part of their activities.
Generally, a risk management program must involve other departments of the business, since
they would be in a better position to address loss exposures in their department. For instance, the
accounting program should maintain internal accounting controls to reduce employee fraud,
embezzlement, and theft. The finance department can better assess the risk that it is taking with
its investments and what effect it will have on the firm. The human resources department will
generally have greater expertise in following the rules and regulations for employee benefit
programs, pensions, safety programs, and in implementing policies for hiring, promotion, and
dismissal. The production department must institute quality control to reduce product defects
and improve safety in the workplace. The marketing department must ensure that products are
labeled according to regulations and to provide the maximum benefit to the consumer and that
the product is distributed safely to the consumer.
Risk management objectives can be divided into pre-loss and post-loss objectives.
Pre-Loss Objectives
Pre-loss objectives are goals that a business should strive for before any losses occur. Preventing
or minimizing losses are the most cost-effective ways for a business to reduce the cost of losses.
As they say, an ounce of prevention is worth a pound of cure. Equipment and business
procedures should be selected to maximize safety and reliability. It must be decided how much
risk to retain and what types and amounts of insurance should be purchased and who is primarily
responsible for risks overall and particular types of risks.
Loss exposures for business include:
property losses
liability
business income loss
human resources losses
losses from crime
foreign losses, including foreign currency risks, kidnapping of key personnel, acts of terrorism, and
political risks
reputation of the company.
Maintaining employee benefits and complying with government regulations for those benefits can also be
a major source of liability, including failure to pay promised benefits and violation of fiduciary
responsibilities.
Another pre-loss objective is to reduce anxiety, since some loss exposures can cause
catastrophic losses, such as major lawsuits. Legal obligations must be met, including installing
safety devices to protect workers, to properly dispose of hazardous materials, and to label
consumer products appropriately.
Post-Loss Objectives
Post-loss objectives will depend on the magnitude of loss, but generally include:
Risk Managers
Because of the complexity and risks that large organizations face, they employ risk managers
who specialize in risk control and financing. In smaller organizations and businesses, risk
management is usually the responsibility of the executives and owners.
Risk managers must keep up to date on industry trends and rising prices of insurance, litigation
costs, and various other costs that generally increase with inflation. They must know and use
risk control and risk finance methods, which are detailed in the previous article, Handling Risk:
Avoidance, Loss Control, Retention, Noninsurance Transfers, and Insurance. To limit losses
from some retained risks, it must be decided whether excess insurance, which pays only
if actual losses exceed a specified amount, will be purchased.
Insurance coverages and the size of deductibles must be decided. Risk managers will generally
solicit competitive premium bids from several insurers to obtain the lowest price. They must
decide on the terms of the insurance, and on specific exclusions and endorsements. If the risk
manager wants coverage or special provisions that are not provided by standard policies, then an
insurance company or broker may write a manuscript policy containing the desired
provisions. Generally, manuscript policies are only written for larger accounts because they
must comply with state laws, so it would not be cost-effective to provide manuscript policies for
smaller accounts.
Generally, insurance contracts will specify how claims are to be presented and what evidence of
loss is to be presented. The risk manager would have to inform others of some of these insurance
policy requirements, especially among those who are likely to recognize the loss 1s t .
The risk management policy, at a minimum, should determine how much risk should be
retained, and if potential losses exceed a certain dollar value, a percentage of working capital, or
some other specific measure, then insurance should be in purchased to cover that exposure. The
policy should also state who is primarily responsible for risk management overall and who is
responsible for particular risks. Generally, a risk manager will generally be responsible for
insurance coverage, maintaining property appraisals and inventory valuations, processing
claims, maintaining loss records, and supervising and reviewing loss prevention activities. The
risk policy may also state that only insurance from insurance companies with a minimum rating,
such as an A+ in Bests Policyholders Ratings, should be purchased. If insurance must be
purchased from another company not satisfying the minimum rating, then the risk manager must
obtain approval from the board of directors and/or file a report about the purchase.
The risk management policy should also include how loss exposures will be treated, what toplevel executives should know about the risk management process, what standards will be used to
monitor the risk managers performance. A written risk policy will also give the risk manager
greater authority in the firm, allowing a more effective implementation of the policy.
A risk management manual may also be published that provides greater detail of the
risk management process and can be tailored for specific employees working in specific areas of
the business. The manuscript should also include procedures to follow in an emergency.
low
Retention
high
low
low
high
Insurance
high
high
Avoidance is the only rational technique for a loss that is both severe and frequent, since no
organization can remain viable suffering a high frequency of losses that are also severe.
Likewise, no insurance company will ensure such a loss. If these losses cannot be avoided
completely, then every effort should be made to reduce or likelihood. Commonly occurring
losses can be budgeted and paid as an operating expense.
1.
2.
3.
4.
5.
6.
determine objectives
identify risks
evaluate risks
managing those risks
implement the plan
review the results
Identifying Risks
Thorough knowledge of an organization and its activities is required to identify risks. Besides
having a broad knowledge of the particular business and the laws and regulations affecting it,
the risk manager must generally obtain more specific information by interviewing the
appropriate people, both inside and outside of the organization, by physical inspections, and by
reading relevant internal records and documents. Risk can also be identified by studying OSHA
< https://www.osha.gov/ > requirements for the specific business and what factors insurance
companies consider when setting a premium, which will usually depend on the hazards
associated with the type of business and for that particular business.
Documents that should be examined include financial statements, leases and other contracts,
inventory records, asset schedules, and appraisals and valuation reports. The risk manager
should also be notified of upcoming construction, remodeling, renovation of the firms
properties, or the introduction of new products, activities, or other operations that may give rise
to risk. A risk manager must have a clear idea of how the business operates and what could
potentially happen if specific parts of the business are disrupted, such as from the destruction of
equipment or from the death or resignation of key employees. Risk managers often use
flowcharts to understand the business more thoroughly and to better evaluate what would
happen if one part of the business was disrupted.
Risk Evaluation
The magnitude of the risk depends on both the potential magnitude of the loss and the
probability that the loss will occur. To prioritize risks and to manage them successfully requires
that potential losses and their probability be assessed for each risk.
Besides classifying each risk according to a risk management matrix, another closely related
method is the criticality analysis approach. Criticality analysis, used in the US space
program, analyzes risks in terms of their severity and places them in particular classes according
to how critical the loss would be to the project. The criteria for each class would generally
depend on the project and the organization or business, but the following classes illustrate how
criticality analysis works:
Critical risks include all risks that will be catastrophic financially to the organization, where a loss would
result in bankruptcy.
Important risks are risks that the organization can recover from, but only by borrowing.
Unimportant risks are risks that can be paid out of current income or savings.
The effort to manage the above risks would be proportional to their criticality. Putting risks in
classes rather than prioritizing them individually makes sense because the effect of any loss
within a given class would be the same. For instance, if 2 different losses would bankrupt the
firm, then both losses should be avoided or insured. Likewise, for important risks and
unimportant risks, since losses from these categories would result in the same remedy.
When risks are evaluated, all potential losses associated with that risk should be evaluated. Both
direct and indirect costs of loss exposures must be estimated. For instance, if a
critical machine in a factory is destroyed, then not only the cost of the machine must be
considered, but also the cost of lost income, and any other losses resulting from the destruction
of machine.
decreases; liquidity risk, when the firm does not have enough liquid assets to pay debts
becoming due; and credit risk, when the firm may not receive repayment of its loans or
receive payment for its products that were sold on credit. Banks, insurance companies and other
financial institutions especially require successful financial risk management.
Enterprises also have other risks that can affect it overall, including operational risk, reputational
risk, compliance risk, and strategic risk. Operational risk arises from an internal process
that causes losses, such as lack of internal controls, fraud, and technology risks, including
antiquated technology, breach of information systems by outsiders, programming errors; and
losses from external events, such as fires and floods. Reputational risk arises
from lower sales because of negative publicity or a negative reputation. Compliance risk is
the risk of failing to comply with laws and regulations, which will usually result in fines or
lawsuits that can cost the firm a significant amount of money. Strategic risk is failing to
implement the firms strategy, resulting in lower profits or greater costs.
Information is provided 'as is' and solely for education, not for trading purposes or professional advice.
Copyright 1982 - 2016 by William C. Spaulding < http://thismatter.com/about.htm >