The Risk Management Process

Unit 2:

The Risk Management Process


We have looked at the nature of risk and the various classifications into which it can be put. The concept, which develops, is one of risk as an all-pervasive force in the world; a negative feature in life bringing unfortunate, or unlooked for, outcomes. The various classifications that we have used all tend to support the view that risk is to be avoided at all costs. It would be valu­able to stop here for a moment and take stock of what this means. Are we to conclude that risk has no beneficial side to it? Is it solely a negative concept, implying loss and not gain? Has the world gained nothing from the existence of risk?


2.2   Risk Management Defined

Definition 1

Risk Management refers to the identification; measurement and treatment of exposure to potential accidental losses almost always in situations where the only possible out comes are losses or no change in the status.

Definition 2

Risk Management is a general management function that seeks to assess and address the causes and effects of uncertainty and risk on an organization. The purpose of risk management is to enable an organization to progress towards its goals and objectives in the most direct, efficient, and effective path. It is concerned with all risks.

Definition 3

Risk Management is the executive function of dealing with specified risks facing the business enterprise. In general, the risk manager deals with pure, not speculative risk.


The risk manager has certain specific duties. These include:

  1. To recognize exposures to loss; the risk manager must, first of all, be aware of the possibility of each type of loss. This is a fundamental duty that must precede all other functions.
  2. To estimate the frequency and size of loss; to estimate the probability of loss from various sources.
  3. To decide the best and most economical method of handling the risk of loss, whether it be by assumption, avoidance, self-insurance, reduction of hazards, transfer, commercial insurance, or some combination of these methods.
  4. To administer the programs of risk management, including the tracks of constant revaluation of the programs, record keeping and the like.


2.3 Objectives of Risk Management

Risk management has several important objectives that can be classified into two categories: pre-loss objectives and post-loss objectives.

Pre-loss objectives. A firm or organization has several risk management objectives prior to the occurrence of a loss. The most important include economy, the reduction of anxiety, and meeting externally imposed obligations.

The first goal means that the firm should prepare for potential losses in the most economical way possible. This involves an analysis of safety program expenses, insurance premiums, and the costs associated with the different techniques for handling losses.

The second objective, the reduction of anxiety, is more complicated. Certain loss exposures can cause greater worry and fear for the risk manager, key executives, and stockholders than other exposures. For example, the threat of a catastrophic lawsuit from a defective product can cause greater anxiety and concern than a possible small loss from a minor fire. However, the risk manager wants to minimize the anxiety and fear associated with all loss exposures.

The third objective is to meet any externally imposed obligations. This means the firm must meet certain obligations imposed on it by outsiders. For example, government regulations may require a firm to install safety devices to protect workers from harm. Similarly, a firm’s creditors may require that property pledged as collateral for a loan  must be insured. The risk manager must see that these externally imposed obligations are met.


Post-loss objectives.  The first and most important post-loss objective is survival of the firm. Survival means that after a loss occurs, the firm can at least resume partial operation within some reasonable time period if it chooses to do so.

The second post-loss objective is to continue operating. For some firms,  the ability to operate after a severe loss is an extremely important objective. This is particularly true of certain firms, such as public utility firm, which must continue to provide service. The ability to operate is also important for firms that may loss customers to competitors if they cannot operate after a loss occurs. This would include banks, bakeries, dairy farms, and other competitive firms.

Stability of earnings is the third post-loss objective. The firm wants to maintain its earnings per share after a loss occurs. This objective is closely related to the objective of continued operations. Earning per share can be maintained if the firm continues to operate. However, here may be substantial costs involved in achieving this goal ( such as operating at another location), and perfect stability of earnings may not be attained.

The fourth post-loss objective is continued growth of the firm. A firm may grow by developing new products and markets or by acquisitions and mergers.  The risk manager must consider the impact that a loss will have on the firm’s ability to grow.

Finally, the goal of social responsibility is to minimize the impact that a loss has on other persons and on society. A sever loss can adversely affect employees, customers, suppliers, creditors, taxpayers, and the community in general. For example, a severe loss that requires shutting down a plant in a small community for an extended period can lead to depressed business conditions and substantial unemployment in the community. 


2.4 Possible Contributions of Risk Management

Because risk management, as defined in this reading material, is concerned with pure risks, it may be regarded by some as the true “dismal science.” Pure risks can only hurt a firm or family, and the purpose of risk management is to minimize the hurt at minimum cost. Upon closer investigation, however, one discovers that the possible contributions of risk management to businesses, families, and society are highly significant.


To a Business

The possible contributions of risk management to a business can be divided into five major categories. The contributions that the risk manager will make in a particular case depend upon the objectives set for this function (see objectives of risk management) and the extent to which these objectives are achieved.

First, risk management may make the difference between survival and failure. Some losses, such as large liability suits or the destruction of a firm's manufacturing facilities, may so cripple a firm that without proper advance preparation for such event the firm must close its doors. Even if risk management did not contribute to the economic health of businesses in any other way, this one benefit would make it a critical function of business management.

Second, because profits can be improved by reducing expenses as well as increasing income, risk management can contribute directly to business profits (or, in the case of nonprofit organizations or public agencies, to operating efficiency). For example, risk management may lower expenses through preventing or reducing accidental losses as the result of certain low-cost measures, through transferring potential serious losses to others at the lowest transfer fee possible, through electing to take a chance on small losses unless the transfer fee is a bargain, and through preparing the firm to meet most economically those losses that it has decided to retain.

Third, risk management can contribute indirectly to business profits in at least six ways.

  1. If a business has successfully managed its pure risks, the peace of mind and confidence this creates permits its managers to investigate and assume attractive speculative risks that they might otherwise seek to avoid. For example, if a firm had to worry about windstorm damage to its plants and industrial injuries to its employees, it might elect to limit itself to its present markets. Freed of this worry, it might expand to new markets.
  2. By alerting general managers to the pure-risk aspects of speculative ventures, risk management 'improves the quality of the decisions regarding such ventures. For example, a firm that was deciding whether to lease or purchase a building might reach the wrong decision if it ignored the differing economic impacts of accidental physical damage to the building.
  3. Once a decision is made to assume a speculative venture, proper handling of the pure-risk aspects permits the business to handle the speculative risk more wisely and more efficiently.  For example, a business may develop its product lines more aggressively if it knows that it is adequately protected against suits by persons who may be harmed accidentally by defective products.
  4. Risk management can reduce the fluctuations in annual profits and cash flows. Keeping these fluctuations within bounds aids planning and is a desirable goal in itself. Investors regard more favorably a stable earnings record than an unstable one.
  5. Through advance preparations, risk management can in many cases make it possible to continue operations following a loss, thus retaining customers or suppliers who might otherwise turn to competitors.
  6. Creditors, customers, and suppliers, all of whom contribute to company profits, prefer to do business with a firm that has sound protection against pure risks. Employees also prefer to work for such firms.

Fourth, the peace of mind made possible by sound management of pure risks may itself be a valuable noneconomic asset because it improves the physical and mental health of the management and owners.

Fifth, because the risk management plan may also help others, such as employees, who would be affected by losses to the firm, risk management can also help satisfy the firm’s sense of social responsibility or desire for a good public image.


To a Family

Risk management can provide families with the same five major classes of benefits. For example, by protecting the family against catastrophic losses, risk management may enable a family to continue a lifestyle that might otherwise be severely threatened or disrupted. Indeed the continued existence of the family unit might be at stake. Second, sound risk management may enable the family to reduce its expenditures for insurance without reducing its protection. Because a family cannot deduct insurance premiums from its taxable income, a dollar reduction in insurance premiums may be worth more than an additional dollar of income. Third, if a family has adequate protection against the death or poor health of the breadwinner, damage to or disappearance of their property, or a liability suit, they may be willing to assume greater risks in equity investments or career commitments. They may also find it easier to secure a mortgage or personal loan. Fourth, family members are relieved of some physical and mental strain. Fifth, families may also gain some satisfaction from a risk management program that helps others as well as themselves or that improves their image.


To the Society

To the extent that individual businesses and families benefit from risk management, so does the society of which they are members. Society also benefits from the more efficient use risk management permits of business and family resources and from the reduction in social costs associated with business and family financial reverses.


2.5 THE Risk Management Process

The process involves five steps. These are:

  1. Identifying loss exposures. The loss exposures of the business or family must be identified. Risk identification is the first and perhaps the most difficult function that the risk manager or administrator must perform. Failure to identify all the exposures of the firm or family means that the risk manager will have no opportunity to deal with these unknown exposures intelligently.
  2. Measuring the losses. After risk identification, the next important step is the proper measurement of the losses associated with these exposures. This measurement includes a determination of (a) the probability or chance that the losses will occur, (b) the impact the losses would have upon the financial affairs of the firm or family, should they occur, and (c) the ability to predict the losses that will actually occur during the budget period. The measurement process is important because it indicates the exposures that are most serious and consequently most in need of urgent attention. It also yields information needed in step 3.
  3. Selection of the risk management tools.  Once the exposure has been identified and measured, the various tools of risk management should be considered and a decision made with respect to the best combination of tools to be used in attacking the problem. These tools include primarily (a) avoiding the risk, (b) reducing the chance that the loss will occur or reducing its magnitude if it does occur, (c) transferring the risk to some other party, and (d) retaining or bearing the risk internally. The third alternative includes, but is not limited to, the purchase of insurance. Selecting the proper tool or combination of tools requires considering the present financial position of the firm or family, its overall policy with reference to risk management, and its specific objectives.
  4. Implementing the decision made. After deciding among the alternative tools of risk treatment, the risk manager must implement the decision made. If insurance is to be purchased, for example, establishing proper coverage, obtaining reasonable rates, and selecting the insurer are part of the implementation process.
  5. Evaluating the result.  The results of the decisions made and implemented in the first four steps must be monitored to evaluate the wisdom of those decisions and to determine whether changing conditions suggest different solutions.

As is true of management in general, risk management may be described as both an art and a science. Risk managers must still rely heavily upon nonquantitative techniques that depend upon deduction and intuitive judgments.  Yet certain broad principles of risk management have been developed. Furthermore, during the recent past, quantitative techniques have become more commonplace and more sophisticated. These principles and some of the current developments in scientific risk management will be presented at various points in this reading material. In time these guides to risk management will be improved and new ones will be created, but sound judgment will continue to play an important role.


   2.5.1 Risk Identification

Risk identification is the process by which an organization is able to learn areas in which it is exposed to risk. Identification techniques are designed to develop information on sources of risk, hazards, risk factors, perils, and exposures to loss. It seems quite logical to inquire in to the sources of organizational risks at this particular moment. A discussion of the sources is presented below. Sources of Risk

Sources of risk are the sources of factors or hazards that may contribute to positive or negative outcomes. Sources of risk can be classified in several ways. For instance, the following sources of risk represent one listing:

  1. Physical Environment. Clearly, the physical environment is a fundamental source of risk. Earthquakes, drought, or excessive rainfall can all lead to loss. The ability to fully understand our environment and the effects we have on it - as well as those it has on us - is a central aspect of this source of risk. The physical envi­ronment may be the source of opportunity as well, for example, real estate as an investment, agribusiness, and weather as a contributing factor to tourism.
  2. Social Environment. Changing traditions and values, human behavior, social struc­tures, and institutions are a second source of risk.
  3. Political Environment. Within a single country, the political environment can be an important source of risk. A new party can move the nation into a policy di­rection that might have dramatic effects on particular organizations (new stringent regulations on toxic waste disposal). In the inter­national realm, the political environment is even more complex. Not all nations are democratic in their form of government, and some have very undemocratic atti­tudes and policies toward business. Foreign assets might be confiscated by a host government or tax policies might change dramatically. The political environment also can promote positive opportunities through fiscal and monetary policy, en­forcement of laws, and the education of the population.
  4. Legal Environment. the expected laws and directives may be issued by the government which may render risky environment to the businesses operating in the country. In the international domain, complexity increases be­cause legal standards can vary dramatically from country to country. The legal environment also produces positive outcomes in the sense that rights are protected and that the legal system provides a stabilizing influence on society.
  5. Operational Environment. Processes and procedures of an organization generate risk and uncertainty. A formal procedure for promoting, hiring, or firing employees may generate a legal liability. The manufacturing process may put employees at risk of physical harm. Activities of an organization may result in harm to the environment. International businesses may suffer from risk or uncertainty due to unreliable transportation systems. The operational environment also provides gains, as it is the ultimate source of the goods and services by which an organization succeeds or fails.
  6. Economic Environment. Although the economic environment often flows directly from the political realm, the dramatic expansion of the global marketplace has created an environment that is greater than any single government. Although a particular government’s actions may affect international capital markets, control of capital markets is beyond the reach of a single nation. Inflation, recession, and depression are now elements of interdependent economic systems. On a local level, interest rates and credit policies can impose significant risk on an organization.
  7. Cognitive Environment. A risk manager’s ability to understand, see, measure, and assess is far from perfect. An important source of risk for organizations is the difference between the perception of the risk manager and reality. The cognitive environment is a challenging source of risk to identify and analyze. The analyst must contemplate such questions as “How do we understand the effect of uncertainty on the organization? and “How do we know whether a perceived risk is real?” An evaluation of the cognitive environment partly addresses the distinction between risk and uncertainty as defined in Chapter 1. Identification of Exposures

A given peril or hazard can originate in any one of several environments. Fire, for example, could arise from the physical environment (a lightning strike) or the social environment (arson, civil unrest). Sources of risk are essentially of no concern to an organization unless that organization is exposed or vulnerable to the perils that arise from those environments. Therefore, an important aspect of risk identification is exposure identification. Although in the broadest sense an entire organization is at exposure to risk, it is useful to develop categories of exposures for analytical purposes. This reading material considers four categories of risk exposures: physical asset exposures, financial asset exposures, liability exposures, and human exposures.

  1. Physical Asset Exposures. Ownership of property gives rise to possible gains or losses to physical assets and to intangible assets (goodwill, political support, intel­lectual property), that arise from these exposures. Property may be damaged, de­stroyed, lost, or diminished in value in a number of ways. The inability to use property for a period of time, the so-called time element loss, is often overlooked by individuals and organizations. Conversely, property exposures to risk may result in gain or enhancement.
  2. Financial Asset Exposures. Ownership of securities such as common stock and mortgages creates this type of exposure. This exposure can occur either from own­ership of the security or when the organization issues a security held by others. A financial asset conveys rights that are enumerated in financial terms, such as the right to receive income or the right to purchase an asset at a specified price. Unlike physical property, loss or gain to a financial asset can occur without any physical change in the asset itself. Often these gains and losses occur as a consequence of changing market conditions or changes in the value of the rights conveyed by the security as perceived by investors.
  3. Liability Exposures. Obligations imposed by the legal system create this type of exposure. Civil and criminal law detail obligations carried by citizens; state and federal legislatures impose statutory limitations on activities; governmental agen­cies promulgate administrative rules and directives that establish standards of care. Legal obligations that differ from country to country are an increasingly important aspect of this area.
    Unlike property exposures to risk, liability exposures do not have an upside. That is, liability exposures generally can be considered pure risks. It is true that the law establishes rights as well as obligations, and the enforcement of a right can re­sult in a gain.
  4. Human Asset Exposures. Part of the wealth of an organization arises from its investment in humans: the human resources of the organization. Possible injury or death of managers, employees, or other significant stakeholders (customers, Se­cured creditors, stockholders, suppliers) exemplifies this type of exposure. Human asset exposures also can lead to gains, as exemplified by improvements in produc­tivity. One might, for example, view a highly technical piece of machinery as source of loss (worker injury) and gain (increased productivity). In such a case, the risk management strategy is likely to incorporate elements that will reduce the potential for loss while maximizing the likelihood of gain (employee training, for instance). As a final note, loss of human assets does not always imply physical harm. Economic insecurity is a common type of loss, unemployment and retire­ment being excellent examples. Both the physical and economic welfare of human beings are components of this type of exposure to risk. The Range of Risk Identification Techniques

How is risk to be identified? Where would you begin to start the task of identifying risk in a major factory complex, a shopping center, an airport, a department store chain, a bank? Do you expect that you would arrive at the premises, assuming always that the actual premises existed and that we were not concerned with risks at the planning stage, with a clipboard to begin the task? The world of industry and commerce is far too complex and sophisticated to allow for proper risk identifica­tion simply by a ‘walk round the premises’.

Specific techniques will have to be employed to aid your identification of risk. However, no one method for risk identification will be appropriate for all forms of risk, or even for similar forms of risk in different situations. There is a range of tech­niques available and these techniques can be clas­sified in a number of ways.

  • Some are best used on site, while others are ‘desk based’ methods not requiring site visits.
  • Some will be more appropriate to the develop­ment stages of a project, while others are best used once the project has been commissioned and is up and running.
  • There are qualitative techniques which make little or no use of statistical measurement and others which are highly quantitative in their ap­proach.
  • Certain techniques are very general in their ap­proach to risk, while others are extremely de­tailed, even microscopic, in their approach.
  • There are techniques, which are very appropri­ate for post-loss situations, while others are pri­marily for use prior to any loss having taken place.

These divisions highlight the variety of techniques, which are available, but in themselves the divi­sions have no practical value. What they do un­derline is the fact that there are different ways in which risk can be identified and that techniques do exist to match particular needs. As we work our way through the techniques, we will suggest the advantages and disadvantages of each one and where each one could be used.

Organizational Charts

We start the list of risk identification techniques with organizational charts. These are intended to highlight broad areas of risk rather than specific, individual risks such as fire, security or liability. The organizational chart encourages the risk iden­tifier to take a birds-eye view of the organization: to stand back and above the day-to-day operation and take stock of the risks which exist. This term ‘risk identifier’ does need some explanation. In many organizations there will be a risk or insur­ance manager employed whose job, in part, will be the identification of risk. Where no risk man­ager exists, it may be that the insurance company performs the risk identification function. In other cases, an insurance broker or consultant may take on the role of identifying risk. The term risk identi­fier is intended to refer to anyone who has the task of identifying risk.

Most organizations will have charts of some kind or another. Even if they are only in publicity mate­rial, there will be some starting point for building a suitable organizational chart. It is wise to involve as many people as possible in the construction of the chart, in order to ensure that it is not unrealis­tic or over-simplistic in its make-up.

Physical Inspections

The organizational chart took a very broad view of the risks to which an organization could ex­posed. The physical inspection of premises, plant or processes takes a different approach. Everyone understands what is meant by physical inspection, it is possibly the most common and best under­stood of all the techniques available.

The inspection of plant, processes or premises can be a time-consuming job, and the nature of so many industrial sites is that they are complex. Prior to the actual visit, it is necessary to do some preparation work so that time is not wasted during the visit itself. This preparatory work would include finding out exactly what processes were carried out at the premises, the nature of the service or product manufactured, the nature  of the machinery, the physical layout of the premises and the details from the last physical inspection if there has been one. All of this information will help and may cut down the time you have to spend on as­certaining basic information during the visit. The visit should be kept for the identification of risk, not the finding of information, which was available before the visit.


Checklists deal with the particular problem of the time-consuming nature of physical inspections. The basic idea of the checklist is that a pro-forrna is sent to the site for completion by someone there. This dispenses with the need for a physical inspec­tion and hence cuts the time and cost of identifi­cation.

The checklist acts as the source of information about risk. It really takes the place of the personal visit and so it has to be drawn up very carefully. It is wise, when constructing a checklist for the first time, to consult as widely as possible in order to ensure that all aspects of risks are taken into account. In particular, the following points are worth keeping in mind:

The checklist should be simple to understand

  • The checklist should be free from ambiguity.
  • The checklist should be short
  • The checklist should not be threatening

Having given careful thought to the construction of the form, there is one final decision, which has to be made, and that relates to the style of the checklist.

Flow charts

We move now to a far more detailed form of risk identification than either the organizational chart or the checklist, and one which is more specific in its identification than the physical inspection.

In many organizations there is some kind of flow. This could take the form of:

  • Production flow, where raw materials come in at one end of a process and a finished product emerges at the other end. There was an identifi­able flow through the system.
  • Service flow, where there may not be raw mate­rials but the business may depend on flow of another form. It could be the flow of people, as in the case of a restaurant or hotel.
  • Money flow, as in the case of a bank or an insurance company. Money comes in at one end and various promises are made, the effects of which are seen at some later date.

In each case there are various stages in the flow, and at each stage there are risks which could impede or halt the flow. Any interruption to the flow will have consequences for revenue and profit. A flow chart can be used to identify the key stages, and structure the analysis of the risks at each stage.

The Financial Statement Method

The financial statement method was pro­posed by A.H. Criddle (1962). Although this approach was intended for private or­ganizations, the concepts of the financial statement approach can be generalized in public sector organizations as well. By analyzing the balance sheet, operating statements, and supporting documents, Criddle maintains, the risk manager can identify property, liability, and human asset exposures of the organization. By cou­pling these statements with financial forecasts and budgets, the risk manager can discover future exposures. Financial statements reveal this information because every organizational transaction ultimately involves either money or property.

Under this method, each account title is studied to determine what potential risks it creates. The results of the study are reported under the account titles. Crid­dle argues that this approach is reliable, objective, based on readily available data, presentable in clear, concise terms, and able to be applied by either risk managers or professional consultants. Moreover, it translates risk identification into financial terminology familiar to other managers, accountants, and bankers. Although Crid­dle does not suggest that the financial statement method could be used to identify both speculative and pure risks, many account titles would be expected to include both types.

Interactions with Other Departments

Frequent interactions with other departments provide another source of information on exposures to risk. These interactions may include oral or written reports from other departments on their own initiative or in response to a regular reporting system that keeps the risk manager informed of developments. The importance of such a communications network should not be underestimated. These departments are constantly creating or becoming aware of exposures that might otherwise escape the risk manager’s attention. Indeed, the risk manager’s success in risk identification is heavily dependent on the cooperation of other departments.

Unfortunately, risk managers often hear about new exposures long after they are created. In developing interactions with other managers and departments, the risk manager must overcome the natural reluctance of others to reveal unfavorable information. Most managers would not be expected to reveal activities that create the potential for unfavorable developments. A critical task for a risk manager is to persuade others that revealing possibly unfavorable information is in their own interest. Incentives for revealing this type of information can be tied to the organization’s system for allocating the cost of losses. For example, losses arising from unreported activities could result in a penalty when charged against a manager’s account. To avoid confusion and possible ill will, the existence of such a penalty should be clearly communicated to managers at the same time they are asked for information on risk-creating activities.

Interactions with Outside Suppliers and Professional Organizations

In addition to communicating with other departments, the risk manager normally interacts with outsiders who provide services to the organization. These outsiders, for example, might include accountants, lawyers, risk management consultants, actuaries or loss-control specialists. The objective would be to determine whether the outsiders have identified exposures that otherwise would be missed. Possibly, the outsiders themselves may create new exposures.

Involvement with professional organizations and use of published material is another valuable source of information. For example, the annual meeting of the Risk and Insurance Management Society normally includes sessions focusing on specific problems faced by areas of industry. In addition, a number of organiza­tions that focus on specialized areas of risk management have been formed in re­sponse to demands of risk managers in these areas.

Contract Analysis

Many of an organization’s exposures to risk arise from con­tractual relationships with other persons and organizations. An examination of these contracts may reveal areas of exposures that are not evident from the organi­zation’s operations and activities. In some cases, contracts may shift responsibility to other parties.

Statistical Records of Losses

Where available, statistical records of losses can be used to identify sources of risk. These records may be available from risk man­agement information systems developed by consultants or, in some cases, the risk manager. These systems allow losses to be analyzed according to cause, location, amount, and other issues of interest.

Statistical records allow the risk manager to assess trends in the organization’s loss experience and to compare the organization’s loss experience with the experi­ence of others. In addition, these records enable the risk manager to analyze issues such as the cause, time, and location of the accident, to identify the injured in­dividual and the supervisor, and any hazards or other special factors affecting the nature of the accident. Common patterns or frequently appearing sets of circum­stances point toward issues requiring special attention. For example, if ladders ap­pear frequently as a cause of accidents, the organization’s risk manager is well ad­vised to investigate ladders and their use and possibly set up a training program on safe practices.

When a significant amount of data on past losses is available, the risk manager may use this information to develop forecasts of loss costs. These forecasts may be developed through trending or loss development. Forecasts obtained using loss development are extremely useful in budgeting for programs in which an organization directly pays costs using its own funds (i.e., a self-insurance program). An organization that uses its own funds to pay the cost of work-related injuries or to provide health benefits to its own employees has a vital interest in projecting costs of the program.

Incident Reports

A network of information sources can be very useful in iden­tifying possible losses. Ideally, the information provided through this network should include not only reports of accidents and near accidents, but also reports of incidents that could have resulted in injury or damage but presumably did not. Frequently, good fortune and luck allow a person to escape without injury from an incident that posed a serious threat. Information on these events is useful in preventing injury or damage if the circumstances are repeated, but only if the risk manager is aware of the potential problem.

A system for reporting of incidents usually includes a form for recording important information. In addition to date, time, location and identity of parties involved in the incident, the form should request information that later could prove helpful in preventing similar occurrences or mitigating the injury or damage if it occurs. In designing the form, a risk manager should recognize that a long period of time may elapse between the recording of the information and its incorporation into an injury-prevention program. As an example, some areas of regulation require employers to keep records of employee exposure to hazardous materials for 30 years beyond the period of employment. The records offer evidence on the degree of care exercised by the employer, but only to the extent that information is complete and specific.

Comments appearing earlier in the section entitled “Interactions with other Departments” are especially applicable to incident-reporting systems. Essentially, a risk manager is asking others to reveal information that reflects unfavorably on their housekeeping practices. For example, a risk manager of a hospital who is concerned about the organization’s exposure to medical liability is requesting hospital employees to report mistakes such as incorrect administration of drugs that might reflect unfavorably on their own careers and reputation. Earning the trust of employees that the information will be used fairly removes an obstacle to the manager’s gaining their cooperation in this effort. Common Features of Risk Identification

We have looked at a number of individual tech­niques and it is now necessary to say something of a more general nature about the task of risk identi­fication, regardless of the technique selected. We can do this by commenting on a number of com­mon features of risk identification.

  • The task of risk identification must be given the proper priority in an organization. It’s an im­portant function, as many of the risks which are to be identified can put their way into the very core of the existence of the organization itself.
  • There is a range of techniques available and no one technique can be used in all situations. As we have dealt with each technique, we have commented on the relevant uses to which it can be put. Thought must be given to the na­ture of each risk and the best technique, or com­bination of techniques, selected.
  • The task of risk identification is a continuing one: the one-off exercise is of little value in many practical cases. The nature of industry is such that it is constantly changing and it is therefore essential that risk identification takes place at regular intervals.
  • Efficient record keeping is an important part of identification of risk. A great deal of valuable information is obtained at the time of risk iden­tification, and this should be stored carefully for later use and referral.
  • Other people, in addition to the risk identifier, should be involved in the process of risk identi­fication whenever possible. Organizations are complex and no one person will have all the knowledge which will be required to enable risks to be identified.
  • The cost of risk identification must be remem­bered. There is little point in spending Br.10 to identify risks which in the worst case can only ever cost Br. 1. Identifying risk is important, but it costs money and this cannot be over­looked.
  • Finally, a measure of common sense and imagi­nation are valuable attributes to have when fly­ing to identify risk.


2.5.2 Risk Measurement

Once the risk manager has identified the risks that the firm is facing, his next step would be the evaluation and measurement of the risks. Risk measurement refers to the measurement of the potential loss as to its size and the probability of occurrence.

The risk manager, by using available data from past experience, tries to construct a probability distribution of the number of events and/or the probability distribution of total monetary losses. This would, indeed, require knowledge of certain statistical techniques and concepts.  The probability distribution of number of events and/or total monetary losses would enable the risk manager to estimate, among other things, the size of possible monetary losses and the corresponding probabilities of occurrence.


2.6 Tools of Risk Management

After the risk manager has identified and measured the risks facing the firm, he or she must decide to handle them. There are two basic approaches. First, the risk manger can use risk control measures to alter the exposures in such a way as (1) to reduce the firm’s expected property, liability, and personnel losses, or (2) to make the annual loss experience more predictable. Risk control measures includes avoidance,  loss prevention and reduction measures,  separation, combination,  & some transfers.

Second, the risk manger can use risk-financing measures to finance the losses that do occur. Funds may be required to repair or restore damaged property, to settle liability claims, or to replace the services of disabled or deceased employees or owners. In some, the firm will decide not to restore the damaged property or replace the disabled or decreased person. Nevertheless, it may also have suffered a financial loss through a reduction in its assets or its future earning power. The tools in this second category include  those transfers, including the purchase of insurance, that are not considered under risk control devices and retention, which includes, “self insurance”.


   2.6.1 Risk Control Tools

1) Avoidance

One way to control a particular pure risk is to avoid the property, person, or activity with which the exposure is associated by (1) refusing to assume it even momentarily or (2) an exposure assumed earlier, most examples of risk avoidance fall in the risk category. To illustrate a firm can avoid a flood loss by not building a plant in a flood plain. An existing loss exposure may also be abandoned. For example, a firm that produces a highly toxic product may stop manufacturing that product. Similarly, an individual can avoid third party liability by not owning a car. Product liability can be avoided by dropping the product. Leasing avoids the risk originating from property ownership.

The major advantage of avoidance is that the chance of loss is reduced to zero if the loss exposure is not acquired. In addition, if an existing loss exposure is abandoned, the possibility of loss is either eliminated or reduced because the activity or product that could produce a loss has been abandoned.

Avoidance, however, has two disadvantages. First, it may not be possible to avoid all losses. For example, a company cannot avoid the premature death of a key executive. Similarly, a business has to own vehicles, building, machinery, inventory, etc… Without them operations would become impossible. Under such circumstances avoidance is impossible. In fact there are circumstances where avoidance is a viable alternative. For example, it may be better to avoid the construction of a company near river bank, volcano-prone areas, valleys, etc. because the risk is so great.

The second disadvantage of avoidance is that it may not be practical or feasible to avoid the exposure. For example, a paint factory can avoid losses arising from the production of paint. However, without any paint production, the firm will not be in business.

2) Loss Prevention and Reduction Measures

These measures refer to the safety actions taken by the firm to prevent the occurrence of a loss or reduce its severity if the loss has already occurred. Prevention measures, in some cases, eliminate the loss totally although their major effect is to reduce the probability of loss substantially. Loss reduction measures try to minimize the severity of the loss once the peril happened. For example, auto accidents can be prevented or reduced by having good roads, better lights and sound traffic regulation and control, fast first-aid service and control, fast first-aid service and the like. Loss prevention and Retention measures must be considered before the Risk manager considers the application of any risk financing measures.

Following are some examples of loss prevention and reduction plans.

Loss Prevention Measures:

  • Research on fire protection equipment and appliances.
  • Construction using fire insensitive materials.
  • Automatic smoke detectors, fire alarms.
  • Burglar alarms in costly business situation, jewelry, diamonds.
  • Locational choice, avoiding construction near petrol stations, chemical reservoirs, waste disposal areas, etc.
  • Tight quality control to prevent risk of product liability.
  • Educational programs to the public using available media.
  • Multiple suppliers, buffer stocks.
  • Safety measures, adequate lighting, ventilation, special work clothes to prevent industrial accidents.
  • Regular inspection of machinery to prevent explosions, breakdowns, etc..
  • Accounting controls (Internal Control).
  • Electronic metal detectors to check passengers for arms and explosives in the airline business.
  • Automatic gates at crossing lines to prevent collisions train and motor vehicles.
  • Warning posters (NO SMOKING!!  DANGER ZONE!!)


Loss Reduction Measures:  

  • Installing automatic sprinklers.
  • First aid kit
  • Evacuation of people, CHERNOBYL
  • Immediate clean-up operations, EXXON – VALDEZ, Alaska oil spill
  • Fire extinguishers, guards.

Appropriate measures take to prevent accidents bring benefits not only to the firm, but also to the society as well. For example, a destruction of inventory of a firm, could be a total loss to the firm in particular. The society also faces a real economic loss because those goods are no more available to people. Thus, the importance of Loss Prevention and Reduction measures should not be underestimated by a firm. To design effective LP and R measures, it may be helpful to identify the causes of accidents.

Some of the causes of accident and the possible Loss Prevention and Reduction measures are indicated below.

Causes of accidents

Loss prevention measures

- Working on dangerous equipment with less care

- Safety seminars, inspection at regular times

- Improper use of equipment

- Training, safety seminars

- Violating Safety Procedures and Regulations.

- Safety seminars, warning, dismissal

- Human error, Negligence

- Training, safety seminars

- Use of inappropriate tools

- Provide appropriate tools

- Lack of protective clothing

- Provide necessary protective clothing

- Use of defective equipment

- Regular inspection and maintenance

- Inadequate Knowledge about the job


- Working while physically ill

- Sick leave, don’t allow to work until recovery

- Mental Disturbance of employee

  Day-off to the employee

Date should be kept regarding accidents occurred. The causes of these accidents must be investigated. Pre-designed forms may be employed to report on accidents and their causes. This could allow for the design of a much better LP and R measures.

LP and R measures entail costs. These costs include expenditures for the acquisition of safety equipment and services, operating expenses such as salary payments to guards, inspectors, safety engineers and other employees engaged in safety work. Other costs are also incurred in connection with safety training and seminars. The risk manager will have to design the LP and R measures in the most efficient way in order to minimize such costs without reducing the desired safety level.

3) Separation

Separation of the firm’s exposures to loss instead of concentrating them at one location where they might all be involved in the same loss is the third risk control tool. For example, instead of placing its entire inventory in one warehouse the firm may elect to separate this exposure by placing equal parts of the inventory in ten widely separated warehouse. To the extent that this separation of exposures reduces the maximum probable loss to one event, it may be regarded as a form of loss reduction. Emphasis is placed here, however, on the fact that through this separation the firm increases the number of independent exposure units under its control. Other things being equal, because of the law of large number, this increase reduces the risk, thus improving the firm’s ability to predict what its loss experience will be.

4) Combination/Diversification

Combination is a basic principle of insurance that follows the low of large numbers.  Combination increases the number of exposure units since it is a pooling process. It reduces risk by making loses more predictable with a higher degree of accuracy. The difference is that unlike separation, which spreads a specified number of exposure units, combination increases the number of exposure units under the control of the firm.

In the case of firms, combination results in the pooling of resources of two or more firms. One way a firm can combine risks is to expand through internal growth. For example, a taxi-cab company may increase its fleet of automobiles. Combination also occurs when two firms merge or one acquires another. The new firm has more buildings, more automobiles, and more employees than either of the original companies. This leads to financial strength, thereby minimizing the adverse effect of the potential loss. For example, a merger in the same or different lines of business increases the available resources to meet the probable loss.

Diversification is another risk handling tool, most speculative risk in business can be dealt with diversification. Businesses diversify their product lines so that a decline in profit of one product could be compensated by profits form others. For example farmers diversify their products by growing different crops on their land. Diversification however, has limited use in dealing with pure losses.

5) Non-insurance Transfer

Transfer, the final tools to be discussed, may be accomplished in two ways. These are:

  • Transfer of the activity or the property. The property or activity responsible for the risks may be transferred to some other person or group of persons. For example, a firm that sells one of its buildings transfers the risks associated with ownership of the building to the new owner. A contractor who is concerned about possible increase in the cost of labor and materials needed for the electrical work on a job to which he/she is already committed can transfer the risk by hiring a subcontractor for this portion of the project.
    This type of transfer, which is closely related to avoidance through abandonment, is a risk control measure because it eliminates a potential loss that may strike the firm. It differs from avoidance through abandonment in that to transfer a risk the firm must pass it to someone else.
  • Transfer of the probable loss. The risk, but not the property or activity, may be transferred. For example, under a lease, the tenant may be able to shift to the landlord any responsibility the tenant may have for damage to the landlord’s premises caused by the tenant’s negligence. A manufacture may be able to force a retailer to assume responsibility for any damage to products that occurs after the products leave the manufacturer’s premises even if the manufacturer would otherwise be responsible. A business may be able to convince a customer to give up any rights the customers might have to give the business for bodily injuries and property damage sustained because of defects in a product or a service.


   2.6.2 Risk Financing Tools

      i.    Retention

Retention means that the firm retains part or all of the losses that result from a given loss exposure. Retention can be effectively used in a risk management program when certain conditions exist. First, no other method of treatment is available. Insurers may be unwilling to write a certain type of coverage, or the coverage may be too expensive. Noninsurance transfers may not be available. Loss control can reduce the frequency of loss, but not all losses can be eliminated. In these cases, retention is a residual method. If the exposure cannot be insured or transferred, then it must be retained.

Second, the worst possible loss is not serious. For example, physical damage losses to automobiles in a large firm's fleet will not bankrupt the firm if the automobiles are separated by wide distances and are not likely to be simultaneously damaged.

Finally, losses are highly predictable. Retention can be effectively used for workers' compensation claims, physical damage losses to automobiles, and shoplifting losses. Based on past experience, the risk manager can estimate a probable range of frequency and severity of actual losses. If most losses fall within that range, they can be budgeted out of the firm's income.

       ii.    Insurance

Commercial insurance can also be used in a risk management program. Insurance can be advantageously used for the treatment of loss exposures that have a low probability of loss but the severity of a potential loss is high.

If the risk manager decides to use insurance to treat certain loss exposures, five key areas must be emphasized.

  • Selection of insurance coverage’s
  • Selection of an insurer
  • Negotiation of terms
  • Dissemination of information concerning insurance coverage
  • Periodic review of the insurance programs


2.7 Selection of Risk Management Tools: Quantitative Approaches

This section discusses some quantitative approaches that may be used in selecting risk management tools. Two models are discussed: Expected Utility Models and The Worry Factor Model.

   2.7.1   Expected Utility Model

The expected utility model places emphasis on the risk manager’s attitude towards risk. This means that the model takes into account differences in risk attitude of risk managers. Risk managers are likely to assign varying utility points to a given monetary loss. As a result their decisions as to which of the risk management tools to select for a particular situation is likely to differ. Under this model, therefore, the risk manager is making a decision on the basis of expected loss of utility.

   2.7.2   The Worry Factor Model

This model tries to assign a monetary value to the mental stress (worry) that may experience because of the presence of risk. Consequently the monetary value assigned to this worry is treated as part of the cost of managing the risk.

To apply the worry model the Risk manager will have to follow certain steps.

  1. Determine the premium payment for each decision under consideration.
  2. Determine the expected value of uncovered monetary loss.
  3. Assign a worry value to the expected value of uncovered loss.
  4. Determine the total loss for each decision. The total loss can be calculated by summing up the premium, the expected value of the uncovered loss and the worry value.

What will be the decision rule?

The decision rule for this method is to select an alternative that has the lowest total loss.


2.8 Summary

Risk management is denned as a systematic process for identifying and evaluating pure loss exposures faced by an organization or individual, and for selecting and administering the most appropriate techniques for treating such exposures. All pure risks are considered, including those that are uninsurable.

  • There are several important differences between risk management and insurance management. First, risk management places greater emphasis on the identification and analysis of pure loss exposures. Second, insurance is only one of several methods for handling losses; the risk manager uses a wide variety of methods to handle losses. Third, risk management provides for the periodic evaluation of all methods for meeting losses, not just insurance. Finally, risk management requires the cooperation of other individuals and departments throughout the firm.
  • Risk management has several important objectives. Preloss objectives include the goals of economy, reduction of anxiety, and meeting externally imposed obligations. Postloss objectives include survival of the firm, continued operation, stability of earnings, continued growth, and social responsibility.
  • There are four steps in the risk management process. Potential losses must be identified. The potential losses must then be evaluated in terms of loss frequency and loss severity. An appropriate method or combination of methods for treating loss exposures must be selected. The risk management program must be implemented and properly administered.
  • The major methods for treating loss exposures in a risk management program are avoidance, retention, noninsurance transfers, loss control, and insurance.
  • Retention can be used if no other method of treatment is available, the worst possible loss is notserious, and losses are highly predictable. If retention is used, some method for paying losses must be sheeted. Losses can be paid out of the firm’s current net income; an unfunded or funded serve can be established to pay losses; the necessary funds can be borrowed; or a captive insurer can be formed.
  • The advantages of retention are that the firm may be able to save money on insurance premiums there may be a reduction in expenses; loss prevention is encouraged; and cash flow may be increased. The major disadvantages are the possibility of greater volatility in losses in the short run, of higher expenses if loss control personnel must be hired, and of possible higher taxes.
  • There are several advantages of noninsurance transfers. The risk manager may be able to transfer some uninsurable exposures; noninsurance transfers may cost less than insurance; and the potential loss may be shifted to someone who is in a better position to exercise loss control. However, there are several disadvantages. The transfer of a potential loss may fail because the contract language is ambiguous; the firm is still responsible for the loss if the party to whom the potential loss is transferred is unable to pay the loss; and an insurer may not give sufficient premium credit for the transfers.
  • Loss control is extremely important in a risk management program. Loss-control activities are designed to reduce both loss frequency and loss severity.
  • Commercial insurance can also be used in a risk management program. Use of insurance involves a selection of insurance coverages, selection of an insurer, negotiation of contract terms with the insurer, dissemination of information concerning the insurance coverages, and periodic review of the insurance program.
  • A risk management program must be properly implemented and administered. This involves preparation of a risk management policy statement, close cooperation with other individuals and departments, and periodic review of the entire risk management program.



Related Content