The Risk Management Process

In practice, risk management consists of certain logical steps: identification, measurement and evaluation control through reduction or elimination, and finance.

Risk Identification:

The first phase – risk identification – is really the key to the whole process. The risk manager begins by identifying all of the resources for which his organization is responsible. These resources or assets may be human, financial, material or environmental. He then considers all of the potential exposures to loss.

To assemble and maintain this information requires the risk manager to have thorough knowledge of the firm’s business activities and to develop an intelligence network among fellow employees that will continuously feed appropriate risk data. Methods used to identify risk include: regular meeting with managers and supervisors, site inspections, surveys, examination of written contracts, analysis of financial reports, risk management committee meetings, insurance company loss prevention report, analysis of historical loss experience and a close awareness of operational developments within the specific industry.

Risk identification requires perseverance, diplomacy, imagination and, above all, an awareness of changes taking place within the firm. Nearly all operational and procedural changes will in some manner create risk, reduce risk, or eliminate risk. The challenge for the risk manager is to say informed. The guru mantra for Risk Manager is : “Ask questions – be nosey”.

 The process of identification may be relatively simple or highly complicated, depending on the size and nature of the organization. For instance, in a small company, identification may involve only a single plant and a single product. But in a large multinational firm, it could be a massive undertaking involving hundreds of divisions or subsidiaries located around the world. Risk identification can also be as simple as locating a cracked sidewalk that could trip a customer or employee, or as complex as determining what the firm’s liability could be for the negligence of a subcontractor.

Risk tends to fall into one of three categories: asset, income, or legal liability. Asset or property risks are highly visible and are usually easy to identify. These are loss exposures from fire or explosion, or from natural disasters, such as floods, hurricanes, earthquakes, tornadoes or mudslides. Crime, theft and vandalism are other forms of property risk, as are oil spills and plane crashes.

Questionnaires and checklists have been developed to help risk managers locate property risks and trigger such questions as: Are fire regulations observed in areas where flammable materials are in use?  Is there sufficient security at the office? What are the chances of an earthquake damaging the plant? The answers to these and other questions are critical to risk control.

Income risks usually accompany property loss and may occur if business is interrupted due to an accident. For instance, if a plant burns down, the firm suffers an obvious property loss. But the loss of income during the time it takes to rebuild or transfer the operation must also be taken into account.

To determine income risks, the risk manager must ask the right questions. If vital machinery breaks down, how long will it take to replace it?  What would happen if a power failure were to occur? If a supplier of components or other services is lost, how long would it take to find another?

Finally, there are legal liability risks. These risks are often the hardest to identify and potentially the most devastating. Consumer lawsuits resulting in compensatory damages of crores of rupees are now common and, in class action suits involving plane crashes or pharmaceuticals, punitive awards could be as high as tens of crores of rupees.

Legal costs create another financial burden. To discover legal liability exposures, the risk manager must ask, “What if?” What if an employee falls down a flight of stairs and sues the company? What if someone driving the company car crashes into a school bus and children are killed? What if a product injures a consumer? What if the wastes dumped into a river cause pollution levels to exceed those sanctioned by the government?

Sometimes it may seem that the risk manager is nothing but a pessimist who sees danger around every corner and points out risks inherent in projects favored by other executives or in products and procedures that have been around for years. However, the unexpected can and often does happen. Knowing what the risks are is the first step in controlling them.

Risk Measurement and Evaluation

The second step in the risk management process is measurement and evaluation of risk in order to project the frequency and severity of future losses. It is appropriate to consider property risks separately from liability risks. For example, the maximum property loss (damages) that might be caused by fire is the current value to replace all physical assets that could be damaged or destroyed from a single event plus the consequential loss of income caused by impaired or curtailed operations. This maximum loss estimate is referred by propery insurance underwriters as the PML – Probable Maximum Loss or Possible Maximum Loss.

Liability Losses, on the other hand, are more difficult to measure in advance. The PML or amount of maximum loss will depend on the factual situation of a specific accident or event, the prevailing law, the degree of blame on the respective parties, the competency of lawyers and often the decision of a Court of Law.

Aside from attempting to estimate the maximum loss or damage from a single event, another important aspect of risk measurement is to forecast smaller losses that are expected These so-called expected losses are often referred to simply as a cost of doing business in that they are considered inevitable and no amount of safety or loss control activity can reduce them to zero.

Some companies now maintain detailed computer-based data on all losses, including such information as location, time, cause and financial impact. In many industries “incident reports” have become a key element in identifying loss trends. Trends can also be discerned in national statistics on type of losses, records of natural disasters in certain in certain geographic areas and studies of judicial decisions in liability cases.

Mathematical formulas can be used to project the probability and severity of loss. Sophisticated techniques such as Monte Carlo simulation, correlation and regression analysis, future research and probability theory can also be helpful. However, the wise risk manager knows that an understanding of the ever-changing world and the vagaries of human nature are just as important as mathematical formulas when it comes to evaluating risk.

Treatment of Risk :

As in medicine, when work-up has been completed and the problem identified and assessed, the next logical steps are prescription and treatment. The same is true in risk management. Risk control and risk finance, separate buy related activities are the two basic prescriptions for the treatment of risk.

Risk, the possibility of loss, represents a danger or a threat. To control risk one must eliminate, reduce or transfer it.

(a)        Risk Elimination or Reduction

Risk control through elimination or reduction is the third step in the process of risk management. Some risks can actually be eliminated – by deciding not to build a plant in an earthquake zone, or by not manufacturing products with substances that are harmful to workers or consumers. Risks that cannot be eliminated can be reduced through loss prevention programs. Fire exposure can be limited by installing smoke and sprinkler systems and by making sure that “no smoking” rules are enforced in areas containing flammable materials. Burglary and vandalism can be discouraged by employing guards and watchmen and installing fencing, spotlights and alarm systems. Employee injuries can be reduced through preventive maintenance by posting clearly written instructions for the operation of machinery and by requiring workers to wear hardhats, goggles and gloves in dangerous areas.

The risk of legal liability can be limited by instituting environmental protection programs, reducing the quantity of air, water and solid waste pollutants and designing and manufacturing products that are safe for public consumption.

Ideally, loss control programs should also include emergency catastrophe plans. For instance, if a plant were damaged by Fire or flood, the plan might outline recovery procedures. If a product defect should develop, the plan would describe procedures for public notification, methods of recall and corrective measures. If an executive were kidnapped, the plan would describe methods of communication, mobilization of authorities and dealing with ransom demands.

Although loss control programs may seem expensive, they are actually far less costly than the losses that might occur if no preventive measures were taken. In the long run, money spent on risk control is money well spent.

(b)        Risk Finance

Risk finance is the fourth and final stage of risk management. The issue boils down to two questions: how much risk should the company retain and how much should it transfer to an insurer? All companies will purchase some insurance, but the amount will vary depending on the nature and the needs of each organization. For instance how willing is the company to assume risk? How much can it afford to assume? Is the business prone to small, frequent and therefore predictable losses? Or must it also prepare for a rate, but potentially catastrophic loss? The answers to these questions are crucial, for they will help an organization determine the right balance between risk transfer and risk retention. The goal of risk finance is to have enough funds available after any loss so that the organization can continue to function and maintain a reasonable level of earnings.

Role of Insurance:

Insurance plays a crucial role in every risk management program, regardless of size. Whether it’s the sole funding mechanism or used in combination with a self insurance program, insurance will almost always represent the ultimate hedging device to protect the budget and the overall financial integrity of the firm against a single catastrophe or sharply skewed loss experience. Decisions regarding the use of insurance should be made first on the basis of coverage and service needs, and second on the basis of price.

To place insurance coverages solely on consideration of price, without careful regard for coverage and service afforded, is to practice bad risk management and is virtually indefensible upon the occurrence of a major uninsured claim or loss that could have been otherwise insured, for  the firm’s unwillingness to pay a slightly higher premium

Role of Self Insurance :

Some risk is retained (not transferred) by every business, sometimes consciously and other times not. Insurable risks, which have been identified and measured, can either be retained or transferred. There are two circumstances by which one retains risk: one is voluntary and the other involuntary. Voluntary risk retention is most often selected as an alternative to insurance. For example, to retain or not insure auto collision risks as opposed to buying insurance is an illustration of voluntary retention of risk. Involuntary retention concerns risks for which there is no or an extremely limited transfer (insurance) alternative available: for example, pollution, nuclear and war risks.

Financial incentive to retain risk in the form of deductibles, self-insured retention or non insurance is generally related to a premium offset; i.e., in exchange for an insured retaining a higher level of risk, underwriters will grant premium reductions. In determining the level of risk to retain, the risk manager must consider the historical loss experience for the particular risks being analyzed and then relate those past losses to the premium credits being offered by underwriters at the various levels of retention. In effect it becomes a trade off, more risk for less premium.

Combination of Insurance and Self Retention

Many companies now combine insurance with retention in the form of funded reserves. These reserves are allocated on the balance sheet for the sole purpose of offsetting losses. Funded reserves are essentially, self-insurance. Self-insurance is an appropriate vehicle to cover small, fairly predictable losses. However, neither funded reserves nor self-insurance are tax deductibles nor are such reserves usually large enough to cover catastrophic losses.

To deal with these problems, many large companies have formed insurance subsidiaries, known as captives. The idea is not new. Many of today’s mutual insurance companies were originally industry captives. Captive formation gained favour during the 1970s because of tight markets, first for property and, later, for liability lines of insurance. A major advantage is that the captive, as an insurance company, has direct access to reinsurance markets.

Many captives now assume third-party business – that is, risks other than those of its parent – and participate in reinsurance treaties. While some captives have a single parent, the trend now is for a group of companies in the same industry to form one together or under the auspices of their trade association. Essentially, they are pooling their risks.

Write-up by

Lajpat Ray Chandnani

710/A Ashok Chowk

Adarsh Nagar, Jaipur 302 004

Dial 0141 – 613009

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.