Академический Документы
Профессиональный Документы
Культура Документы
Contents
Introduction 1
Objectives 1
Learning resources 2
Reading 2
Online readings 2
Classification of risks 6
Pure risks and speculative risks 6
Objective risks and subjective risks 7
Economic and non–economic risks 8
© Deakin University
1 Establish the context 22
2 Identification and analysis 23
3 Development 23
4 Choice 26
5 Action 26
6 Monitoring 26
Review 28
Review questions 29
References 31
Further resources 31
Appendix 32
Suggested answers 33
Questions 33
Review questions 33
© Deakin University
Risk Management
Introduction
We commence the study of risk management with an examination of the scope
and nature of risk and those areas that are of significance to a risk manager.
Risk can be defined in a number of different ways, each suiting the particular
discipline that is making the examination. It is important that at the
commencement of this subject we clearly establish those risks that are of
significance to the risk manager.
The next step is to look at the role of risk management in an organisation. This is
done first by looking at how it fits into the overall management function, and
then by looking at how risk management can be integrated into and practised
by the departments within the enterprise. The coordinating role is undertaken
by the risk management department, and the role of this department is
examined. We survey the duties of the risk manager and of the risk management
department. The increasingly important role of the computer is considered.
The topic then looks at the risk management program, emphasising the need for
the involvement and support of the organisation. The objectives and value of
risk management are discussed, and the policy statement examined.
The topic concludes by looking at the risk management process, and describes
the formal approach to the function of risk management.
Objectives
At the completion of this topic you should be able to:
1
TO P I C 1
Learning resources
Reading
Williams, CA. & Heins, RM. 1989, ‘Introduction to risk and risk management’, in Risk
Management and Insurance, McGraw-Hill, New York, pp. 4–6, 11–12, 14–15.
Online readings
Please access the following readings via the web sites:
Head, G L 2004, ‘The duality of risk’, Risk Management Magazine, January 2004,
retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=2223&ShowArticle=1>
Jablonowski, M 2004, ‘Facing risk in the 21st century’, Risk Management Magazine,
June 2004, retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=2384&ShowArticle=1>
Louist, J 2003, ‘What makes an effective risk manager’, Risk Management Magazine,
June 2003, retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=1990&ShowArticle=1>
O’Rourke, M 2004, ‘Standing out from the crowd’, Risk Management Magazine,
January 2004, retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=2222&ShowArticle=1>
Sullivan, L 2004, ‘Part of the profit: risk management and the Bottom Line’, Risk
Management Magazine, April 2004, retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=2315&ShowArticle=1>
2
Risk Management
A similar illustration concerns the Middle East where the merchants were taking
caravans across the Arabian desert. These caravans were subject to attacks by
bandits. If a merchant had all the stock in one caravan everything could be lost.
The merchant countered this situation by putting a portion of the merchandise
in several different caravans. As each caravan took a deliberately different route it
was quite unlikely that all caravans would be attacked and robbed. Thus the
merchant was able to ensure that at least part of the merchandise reached its
destination.
These are said to be early forms of insurance schemes, but that statement is
really not correct. It would be more accurate to say that these are in fact early
examples of risk management. Very simply put, risk management is the
identification, organising and managing of risks. That is something that we all do
every day, and indeed something that people have done since the beginning of
time.
The origins of this modern day approach can be traced to a number of large
corporations in the US and UK around the turn of the century. These
organisations had grown to a size where a position of insurance manager was
warranted. It was the responsibility of this person to protect the corporation
from risk by means of insurance contracts. With the passage of time it became
evident to these insurance managers that insurance did not hold all the answers
to their problems, and indeed there were other and better ways of handling
risks. It is from their pursuit and search for these better ways of coping with risk
that the process of risk management as we know it today has evolved. Managers
today are far more analytical than their predecessors. This is evidenced by the
concentration and study in such areas as operations research, management
accounting, market research, and so forth. The traditional insurance manager is
3
TO P I C 1
evolving more into a person who looks not only to insurance as a means of
handling risk, but as well links up with those who are responsible for fire and
accident prevention and security in order to develop a more integrated
approach towards risk.
The risk manager will seek policy guidance from the board as to their risk
appetite i.e. the amount of risk it is prepared to accept or what price they are
prepared to pay to avoid risk. The task of the risk manager necessitates a
thorough investigation of all the risks to which the business is exposed. This is a
continuing process, as any enterprise is dynamic. Therefore the risks associated
with the organisation are continually undergoing change. In addition to that,
insurable risks become entwined with pure risks.
This necessitates the risk manager having to consult with many different parts of
the organisation to ensure that all areas are catered for. The role of the risk
manager will vary according to the size of the enterprise. In a large organisation
there will be a person filling the role full time. In a small organisation the role is
likely to be filled by the manager of the organisation.
At the beginning of this topic, the examples of the Chinese farmers and the
Arabian merchants were outlined to show that they were practising a form of
risk management. To this end, it could be claimed that there is nothing new
about risk management. Risk management today draws on quite a number of
activities such as insurance, risk retention, and loss prevention, and brings them
together in a formal and integrated approach so that an overall program is
developed rather than something operating on a piecemeal basis.
QUESTION 1.1
In an organisation known to you, in which areas is risk management practised on an
informal basis? Write them down, describing the practices as concisely as possible. (Send
them in if you would care to have them checked by your tutor.)
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’ and read the
section titled ‘Why the study of Risk Management is important’. In this reading a number of
practical examples are given which reinforce the need for a formal approach to this area.
4
Risk Management
What is risk?
Before studying risk management we need to understand what is meant by the
term risk, and in particular what is meant by risk in the context of risk
management.
Risk, in insurance terminology, refers to the item which is insured, the insured
peril, the expected claims cost for a given policy, or as a general term for
unwanted and uncertain future events. In any insurance office the word risk is
used quite freely and can refer to any one of those meanings. Its meaning in any
particular situation can readily be established from the context in which the
word is used. To add to confusion, economists, bankers, and statisticians use the
word risk to measure the range of possible future outcomes. Risk can also refer
to the frequency or size of a potential loss that may result. However, when
talking of risk in relation to the topic of risk management we are not referring to
the term risk in any of these meanings.
Insurance theorists have had some difficulty in agreeing on the meaning of the
term ‘risk’. Professor Irving Pfeffer produced a definition which satisfies our
purposes here. He starts with the premise that all situations where the outcome
is unknown are regarded as uncertainties. These current or future situations,
should they occur, may produce some adverse consequence for us. From this
very large pool of uncertainties the question arises as to which are best suited
for handling by way of risk management or insurance. Those uncertainties that
fall into this category Pfeffer (1956, pp. 132–44) referred to as ‘risks’. He defined
an uncertainty as a risk where the future occurrence of the event could be
predicted mathematically using either:
• a priori probability, or
• empirical statistical means.
Anything that did not fall into these two areas he regarded as true uncertainties
which do not lend themselves to risk management or insurance.
1 The a priori method refers to a deductive probability where there are a fixed
number of outcomes and one estimates the probability of one of those
occurring. For example, on the toss of a coin what is the probability of
obtaining a head? There are two possible outcomes, either a head or a tail
(for the purpose of our exercise we shall discount the coin landing on its
edge). The probability of a head is one over two (1/2) or 0.5. In looking at the
probability of obtaining a six on the throw of a die we are looking at the
outcome of one event. There are six possible outcomes so the probability is
1/6 or .167.
2 Empirical statistical means is the more common method used in risks suited
for risk management and insurance. This embraces such events as houses
burning down or car accidents for example. We can look to the past,
establish what pattern has occurred, and then project that pattern into the
future on the assumption that the same pattern will occur. Therefore, if over
the past five years there have been an average of ten accidents occurring
5
TO P I C 1
per year, and if on investigation we feel that the position in the coming year
will be the same as those in the past, we would estimate that there will be
ten losses in the coming year. To arrive at this we have taken the average
over the past years, established what the probability of the loss occurring is,
(there will be ten accidents for every one hundred vehicles) and ascertained
that there will be one hundred vehicles in the coming year. Therefore, we
estimate that ten losses will occur.
The point should be made at this stage that probability theory is a long run
concept and that the results will only hold true over a long period. In the
short term there will be fluctuations, so whilst we can anticipate ten losses
to occur in a year, the actual results may, and indeed do, vary from those
expected. For example, we may find in the coming year that the losses are
twelve, the year after that eight, and so forth but that over a period of time
our average of ten will hold true. This has led some theorists to assert that
the real risk does not relate to the probability of loss, but rather to the
deviation of the actual results from those expected.
3 The third area to look at is that of true uncertainties. Falling into this
category would be the level of import duties to be charged by a
government for example. These remain true uncertainties because looking
to past government decisions is no guide as to what their future decisions
will be. It is not possible to calculate the results mathematically here, so
these areas remain true uncertainties.
QUESTION 1.2
Classify the following situations into risks and uncertainties in accordance with the
preceding definitions:
Classification of risks
Risk has been classified in many different ways. Whilst it is not proposed to
explain all of the ways that risk can be classified, some of the classifications are
discussed here, and their relevance to risk management highlighted.
6
Risk Management
house burns down or a car is involved in an accident, the owner suffers only a
loss, never a gain. The uncertainty concerning the occurrence of one of these
events may be termed pure risk.
Speculative risk covers most business risks such as those involving marketing,
production and financial decisions, which will be elaborated on shortly. Any
business faces both pure and speculative risk. Most, but not all pure risks, lend
themselves either to be handled through insurance or managed by a risk
manager.
Speculative risks are those which involve a profit or a loss situation. Any business
venture is, in fact, a speculative risk. The person entering into the business
invests funds or time or both and does so in the expectation that there will be an
increase in those funds; in other words, a profit. It is of course possible in any
business venture that the profit may not materialise and a loss might occur. The
simplest example of a speculative risk would be gambling. As with setting up a
business, the individual creates the risk personally. Prior to the business or
before entering into the wager, the money was not threatened at all. Once the
venture or wager has been entered into or made, the money is then at risk. It is
set on a course from which there will only be a profit or a loss.
From the discussion to this point it should be apparent that objective risk has
little or no real meaning when applied to a single event or a small number of
events. In a situation where the number of exposures is small, and objective risk
estimates cannot be made with a great deal of accuracy, the concept of
subjective risk can be useful in analysing the problem. Subjective risk may be
defined as the uncertainty of an event as seen or perceived by the individual.
This, of course, will vary from person to person according to that individual’s
attitude toward risk—between the risk lover who sees little danger or
uncertainty in the outcome of a situation and indeed prefers a situation where
there is a great deal of uncertainty in the outcome, and the ‘risk averter’ (one
who tends to avoid risk) who requires very high odds for success before
7
TO P I C 1
Of all the different classifications, the area that the risk manager is concerned
with is that of pure risk. Pure risk and business (speculative) risk are very much
intertwined. Take, for example, the purchase of a building. From the business
aspect there are considerations such as the returns to be achieved and the value
to the business for example. This is all part of the speculative nature of business
enterprise. That same building is also subject to the risk of loss as a result of fire
or storm. Such things fall in the province of pure risk and therefore into the area
of the risk manager. Arising out of the one action, the purchase of the building,
which appears to be a speculative risk, we also have the involvement of pure
risk. Throughout all facets of business invariably tied up with a speculative risk,
there is also a measure of pure risk.
Property risks
These include the destruction, damage, loss, theft or contamination of
productive or other physical assets. Some types of financial assets, such as cash,
stamps and negotiable instruments, can also be included under this heading.
Property risk includes not just assets owned by the insured, but also those for
which an entity is legally responsible, such as equipment which is leased. It can
extend further to property for which the enterprise feels there is a moral
responsibility—for example, employees’ clothing and effects where there is no
legal liability under an award or the like. Physical property includes both static
property, that is buildings, machinery and office furniture and moveable assets
such as vehicles, vessels, and aircraft. Changes in the methods of production,
distribution or financing of business can introduce new classes of property: for
example, containers for the carriage of goods changed responsibilities for
property losses. Another example is the changeover from buying to leasing of
plant.
8
Risk Management
Liability risks
Liability risks refer to incidents in which an entity is legally liable to third parties
for incidents which may involve injuries to persons (including employees) or
damage to their property. Liabilities can arise from many sources. They could
arise from the ownership of the property such as someone being injured by
slipping over on a highly polished floor, from activities carried on therein or
elsewhere, and from defects in the design or manufacture of products including
the failure to perform tasks for which they were sold. Losses can arise from the
failure to observe statutory and other regulations or to undertake repairs that
result in an accident. Apart from liability for damage to physical property, liability
may also arise out of the infringement of tangible property rights. The laws of
libel, slander and copyright not only apply to firms of publishers, as others may
be caught up in damages actions also. Advertising material, for example, may
prove libellous or in breach of copyright. Those providing professional advice
face liability for negligent advice.
Each country produces legislation and some of this legislation can create
liabilities. For example, in the State of Victoria in Australia the Occupier’s Liability
Act lays down areas in which property owners, or for that matter occupiers of
property, can have a legal liability to third parties. In addition, liabilities can arise
at common law, in particular under the torts of negligence, nuisance or even
trespass.
Liabilities also can arise under contract. An employer may incur liability for
accidents arising out of acts of employees or other agents whilst in the course of
their employment, and this can extend to include injuries to fellow employees.
These areas outline just a few of the huge range of areas in which liability can be
incurred and liability losses flow.
Personnel risks
Personnel risks cover injury, sickness or death to employees. In the event of the
death or serious disability of a key employee the business may incur additional
expense in having to replace that employee. If the employee had particularly
valuable skills and knowledge, the enterprise may have to employ one or more
replacements at a higher salary. This may be a short or long-term solution,
should the original employee die or become seriously disabled. Aside from that
expense, there are the additional expenses involved in advertising for and
engaging additional personnel.
9
TO P I C 1
QUESTION 1.3
Consider your own organisation. Write down the areas you can think of where exposures
such as those outlined above occur.
There are a couple of other types of losses that really fall within the headings of
those three already mentioned, although it is worth considering them here as
separate issues. These are:
Financial risks
This area can cover two elements: dishonesty, and business interruption.
(a) Dishonesty
Dishonesty takes several forms, such as:
Note: With the use of computers and credit cards, new potential exists for
identity fraud on a large scale. In recent years, white collar crimes have grown at
an alarming rate.
10
Risk Management
Reaction to risk
The way in which a person behaves in a situation of uncertainty illustrates that
person’s reaction to risk. Reaction to risk varies within an individual as well as across
a number of individuals. The greater the person’s uncertainty, the more strongly one
would anticipate that person would react. Factors which could influence the
reaction are the potential gains or losses involved, and the effects of these on the
person’s economic status. For example, a person may react more strongly to a
situation where the level of uncertainty is identical but the outcome varies, for
example the toss of a coin has equal result probability, but potential gains and
losses are $1000 instead of $10. A different reaction may result if the person was
wealthy or poor. A wealthy person may be more uncertain than a poor person about
the future but the wealthy person may have less to fear because their greater
wealth will cushion them from the effects of uncertainty. Differing personalities,
determined by hereditary and environmental factors and experience, will affect a
person’s reaction to risk. The same person may have a different reaction to risk at
different ages or in different situations in their life.
(Mehr & Hedges 1974, p. 4)
Individuals making decisions about risk should be aware of the effect of their risk
attitudes upon their decisions: on careful consideration they might decide to
alter these attitudes. When they are making decisions on behalf of another they
ought to examine the extent to which they should adopt the attitude of the
other, that is their decision should be influenced by the other party’s reaction to
risk. When decisions in these situations are delegated to someone else, a study
ought to be made of that person’s attitude towards risk to see how it affects the
decisions that person may make. In some situations it may be appropriate to
specify the attitude that ought to be assumed in making such decisions.
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’ and read the
section titled ‘Reaction to risk defined’. This gives more insights to this area.
11
TO P I C 1
The standard introduces the formal process for establishing a systematic risk
management program.
This starts with the establishment of a risk management policy. This should
include the organisation’s objectives and commitment to risk management. This
policy needs to be relevant to the organisation and based on the organisation’s
own objectives and take into account the nature of its business. The standard
requires that the organisation ensures that the policy is understood, maintained
and implemented at all levels in the organisation.
12
Risk Management
The tasks and persons responsible for each facet of the program, both in its
implementation and maintenance, are to be documented so all have a clear
knowledge of their responsibilities.
13
TO P I C 1
Risk management should permeate the entire enterprise. The responsibility for
the function rests with each department, with the risk management department
playing a coordinating role. It is also expected to develop initiatives, and to
provide assistance and advice to the departments of the enterprise to help them
carry out this risk management function.
These examples show how risk management can be carried out by other
departments in an enterprise:
Risk managers must also be diplomats, because although in most situations they
do not have authority over other departments (production, sales, etc.), they will
require those departments to implement aspects of a risk management
program. Moreover, as risk managers will rarely have the budgets necessary to
implement safety or protective strategies, they must convince other
departments of the need to implement these measures from their own funds.
When this is at little cost or interference with the department in question there
will probably not be a great problem in having the risk management measure
implemented, but where there is some cost or interference to another
department then the agreement from the department may not be so
forthcoming. This could, for example, be encountered with the implementation
of a safety measure which has the effect of slowing the production of the
department, increasing labour and other costs while producing the same
amount of goods. The risk manager may have an excellent argument for
introducing such a measure, but the department will need to be convinced of
the need in view of the extra costs. The principal point is that the risk manager
has limited authority. No doubt the whole matter could be referred to senior
management for a decision, but as well as slowing procedures this could create
future problems between the departments.
14
Risk Management
ONLINE READING
Please note: the following reading is only available online.
Please read Louisot 2003, ‘What makes an effective risk manager?’ which discusses the
different competencies a risk manager requires.
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=Magazi
ne/DisplayMagazines.cfm&AID=1990&ShowArticle=1> retrieved 28 October 2010.
The first step is to convince the board and senior management. The language of
management is said to be the language of dollars. Showing management that
the implementation of a risk management program will benefit the enterprise
15
TO P I C 1
An area where costs are normally very high is workers compensation accidents.
In a company’s cost accounting system these amounts will be recorded at their
actual cost to date. This is a very misleading way for such losses to be viewed.
With any bodily injury loss situation the more serious losses take some time
before the full cost of them is ascertained. The most recently completed years
are seen as ‘green’ years as the loss history is not fully developed. Figure 1.1
depicts an enterprise’s losses.
The column for years 2004–2009 shows two sections. The lower is the actual
losses paid to date. The upper section is the predicted total losses for that year
when all losses have been finalised including the developed losses. If
management only saw the actual losses’ position they would get the impression
that losses were in fact decreasing. These would be the figures they would be
most likely to see, as the ‘developed’ and ‘predicted’ amounts require separate
calculations to be done. The ‘actual’ losses do not take account of the accrued
liability for unfinalised claims or IBNR (incurred but not reported) claims on
which there are still amounts to be paid.
16
Risk Management
In convincing management of the need for a formal risk management plan there
are a number of other factors that need to be considered. These are to establish:
• the objectives for the risk management program and show how these fit in
with the overall enterprise objectives;
• a risk management policy statement; and
• the value of a risk management program to the enterprise.
The goal of the risk management program is to manage the pure risk cost
associated with the assets and to manage them in such a way as to provide the
maximum return on funds invested, and thus contribute to the continued life of
the enterprise.
Mehr and Hedges (1974) grouped the goals or objectives of a risk management
program into post-loss objectives and pre-loss objectives. They can be described
as post-loss objectives in the event of a loss and pre-loss objectives even if no
loss occurs.
Pre-event objectives
Pre-event objectives include:
1 economy (cost);
2 reduction in anxiety;
3 meeting externally imposed responsibilities; and
4 social responsibility.
17
TO P I C 1
1 Economy
In this regard the enterprise lays down plans for what it feels is the most
economic way to deal with or handle the pre-loss goals. The risk management
process, described later in this topic, provides a systematic means of achieving
economy.
2 Reduction in anxiety
This objective relates to the mental strain caused by uncertainty that adequate
provisions exist to take care of the consequences of loss and the costs associated
with this anxiety. The second pre-loss objective is to reduce this anxiety or
concern to what Mehr and Hedgers refer to as ‘a quiet night’s sleep’, knowing
that a thorough investigation of the enterprise’s exposures has been completed,
and that a program has been developed to ensure that any possible
contingencies have been covered.
Examples include
(a) establishing safety standards required under the Occupational Health and
Safety Act; and
(b) arranging insurance if required, where a mortgage has been taken on a
property.
4 Social responsibility
This pre-event objective is similar to the last of the post-event objectives and
relates to good citizenship or social responsibility. It aims to ensure that
minimum disruption is caused not only to the enterprise itself and its employees
but also to the public at large. For example, an explosion in a chemical plant may
produce a toxic cloud which endangers nearby residents.
Some conflict could develop among these pre-event objectives. Take the
economy objective and the reduction in anxiety objective for example. It may
well be that the cost of reducing anxiety frustrates the economy objective. There
will be conflicts between different members within the enterprise, each of
whom is supporting the objectives they favour most strongly. In fact, conflicts
may arise with all objectives. Endeavouring to maintain the social responsibility
objective may be in conflict with the economy objective. Some externally
imposed obligations may be compulsory while others are negotiable, so that in
a given situation they may not all be achieved.
Post-event objectives
Post-event objectives can be defined at five levels. These levels state the
minimum acceptable position that management is aiming to achieve following a
loss. (This assumes that management want the business to continue). They are:
1 survival;
2 continuity of operations;
18
Risk Management
3 earnings stability;
4 continued growth; and
5 social responsibility.
1 Survival
This could be regarded as the most important post-event objective. The entity
wants to ensure that following a loss it will be able to survive, or to ensure that
provision is made for it to be able to resume operation at least in part. It may be
that the assets are considerably reduced, but with some assets it can continue.
2 Continuity of operations
This more ambitious objective seeks to ensure that the enterprise is able to
continue its operations at the same level, or approaching the same level, that it
was at before the loss occurred. An entity such as a public power, electricity or
gas utility would probably regard this goal as mandatory, because the
community depends upon their operation’s survival.
3 Earnings stability
At a higher level again, the goal here is to continue operations at no increase in
cost by providing funds to replace those earnings lost because of the
interruption. This differs from continuity of operations in that with the continuity
of operations option there may be a fall in earnings. In other words, continuity of
operations may be at some greater cost to the enterprise because of increased
overtime, additional imports, freight charges, or the like.
4 Continued growth
With this objective, the organisation aims for continued growth to uphold its
earnings level and to continue the growth pattern experienced to date. The
intention is to not allow the loss encountered to impair the growth cycle in any
way. This contrasts starkly with the more typical case in which, for example, an
enterprise whose principal factory is closed down for some period of time has its
growth cycle interrupted, and most likely is impaired permanently because the
custom which had been built up over time has gone and established new
connections during the period of closure. The enterprise may find that it never
wins back those customers, and the end result is that the enterprise’s growth
potential is reduced.
5 Social responsibility
This is the ultimate post-event objective, an achievement beyond all of those
objectives discussed so far. It involves going a step further, endeavouring to see
that all who may be affected from a loss, for example, employees, customers,
suppliers and indeed the general public at large, are affected as little as possible.
This objective may also be supported by public relations considerations,
ensuring the maintenance of a good image of the organisation.
To achieve this public relations image it is necessary not only to do good but
also to appear to do good. This is achieved by making the community aware of
the enterprise’s social consciousness or sense of moral responsibility which
advocates that any losses impact on others minimally. A risk management
program that protects customers, suppliers, employees and the general public
19
TO P I C 1
against losses will go some way to ensuring that an enterprise satisfies its social
responsibility objectives, and generates some favourable public reaction if there
are disruptions in the enterprise’s operations or if the activities of the enterprise
cause injuries to persons or properties.
These comments use trading organisations as examples. But the same position
holds true for all entities, profit making and non-profit making alike. Non-profit
making bodies also need to control and provide for their pure risks. They are
exposed to them in the same ways as are profit making entities, and reducing
risks leaves more funds for their principal activities. Furthermore, it is possible
that by running a more cost-effective operation, that is, less vulnerable to risk,
they are in a better position to attract funds for their principal activities.
QUESTION 1.4
Sort the following into pre- or post-event objectives:
• survival;
• economy;
• continuity of operations;
• earnings stability;
• reduction in anxiety;
• social responsibility;
• continued growth; and
• meeting externally imposed responsibilities.
Check back in the relevant sections of the Study Guide to verify your decisions.
• sets out the goals and objectives of the risk management function;
• defines the duties, authority and responsibilities of the risk management
department;
• coordinates the treatment of loss exposures on a similar basis throughout all
areas of the enterprise;
• establishes and improves existing communication channels and
management information systems; and
• provides for program continuity and facilitates transition during time of
personnel changes in the risk management department.
For the risk management department, the statement sets the guidelines by
which the department operates. It indicates to the department the approach to
be taken with respect to the retention and transfer of risk. In addition it will
20
Risk Management
usually indicate the position of the risk management department within the
enterprise chart, emphasising the importance of risk management within the
organisation. A sample statement is set out in Appendix A at the end of this topic.
Proper risk management will improve profits directly and indirectly. Profits can
be increased directly by reducing expenses. Economy, a pre-loss objective, is
achieved by selecting the most economical techniques consistent with post-loss
objectives and implementing these techniques in the most economical fashion.
As an example, an enterprise may reduce its expenses because the risk manager
chooses to introduce a loss prevention measure.
A business that can worry less about pure exposures because of effective risk
management is financially and psychologically better prepared to seek out
speculative opportunities that may increase its profits. For example, if a business
feels secure in the way it has managed its present property loss exposures, it
may consider more favourably a proposal to purchase future properties.
Risk management allocates pure loss exposure costs among the products,
services or markets serviced by the business. This allocation produces a more
accurate picture of the profitability of various products, services or markets, thus
permitting the enterprise to direct its activities in the most profitable directions.
It does this by recognising the cost of pure risk as an important component of
product cost.
Risk management techniques can benefit a family through the family making
provision for any future financial disasters that may befall them. The times of
these disasters will be traumatic ones for the family, but they can be more
effectively managed when provision has been made for them. In the absence of
such provision, the result may be personal bankruptcy, family break-ups or a
greatly reduced standard of living.
21
TO P I C 1
important risk financing technique but has also meant a change in attitude and
approach on the part of the insurers. In what ways have these changes
occurred?
In order to obtain the respect and business of risk managers, insurers and
brokers need to be familiar with the risk management approach to handling
losses. Insurers and their representatives need to appreciate that their product is
simply one of the techniques for handling loss exposures. Risk managers of large
firms are becoming more knowledgeable, so increasingly insurers are called
upon to provide products and services based as much on what the risk manager
wants to buy as on what the insurers want to sell. This represents a substantial
change in the practice of insurers. Insurers and brokers have responded to this
new demand through the provision of risk appraisal, advisory and claims
handling services. These facilities are available on both a national and
international basis.
ONLINE READING
Please note: the following reading is only available online.
Please read O’Rourke 2004, ‘Standing out from the crowd’ which discusses ways a risk
manager can assist their underwriter in achieving their goals.
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=Magazi
ne/DisplayMagazines.cfm&AID=2222&ShowArticle=1> retrieved 28 October 2010.
22
Risk Management
needs to be aware of both the internal and external factors that might affect
their ability to handle any risk whether they be legal, social, environmental,
technological and of course economic factors. For instance, every organisation
will have occupational, health and safety legislation they need to comply with
and could affect what their business does or how they operate. A risk manager
cannot control the legislation that affects them but they can control the ways in
which they comply with this legislation.
Establishing the context means you must also know the key stakeholders of the
organisation. Stakeholders are those that are affected by the risk manager’s
decisions. They will include a range of people from the obvious like employees,
managers and customers to the not so obvious like unions, financial institutions,
government, service providers and suppliers. All of these people will have
different needs and concerns that the risk manager needs to be aware of.
Once the exposures are identified the next step is to analyse the frequency of
losses that may flow and also their magnitude (referred to as ‘severity’).
3 Development
The purpose of this step is to consider all possible practical measures for
handling loss exposures, including not only the means by which the cost of
losses can be met, but also ways in which losses can be reduced. In later topics,
these techniques will be dealt with in detail.
Broadly the techniques can be divided into two areas:—control techniques and
financing techniques.
23
TO P I C 1
Risk avoidance is another form of risk control. It should be emphasised that risk
avoidance is only used as a last resort. It would be used in situations where the
costs flowing from the loss are far greater than the benefits of the activities
involved. For example, an enterprise involved in the manufacture of
pharmaceutical products may have a very profitable product which it is
considering sending to the North American market. Because of the potential for
extremely large product liability suits, the enterprise may feel that this risk far
outweighs any profits that they may achieve, and as a result decide to avoid the
risk by not exporting to that market.
Provision must still be made for the remaining risks. The enterprise needs to plan
to meet the consequences of these losses. There are two approaches used
here—(i) risk retention and (ii) risk transfer.
QUESTION 1.5
What risks can you think of that fall into the inertia category? Jot some down.
• The third, and hopefully in any enterprise the most common way, is planned
risk retention. In this instance the enterprise is aware that risks exist, but the
risks have been analysed and the enterprise has decided it will meet these
risks out of its own funds, which have been developed with this contingency
in mind. (This area will be treated in more detail at a later stage.) Losses that
come under this heading are low in severity but the frequency could be low
or high.
Examples of low severity situations are broken windows, which occur fairly
infrequently and when they do occur the cost involved is quite small. Such
losses would most likely be written off as a maintenance cost. This would be
provided for each year in the enterprise’s maintenance budget.
24
Risk Management
(ii) Risk transfer is the other risk financing technique and can be broken into
two areas:
• Non-insurance
This heading also appears under the control techniques. An example of non-
insurance appearing under the heading of financing techniques would be a
transfer by way of contract. For example, under a lease agreement, the
tenant may be held responsible for all losses in relation to the property
whilst it is being leased to that tenant. Thus, in the event of a loss occurring,
the cost of that loss is passed to the tenant. This aspect will be covered in
detail in a later topic.
QUESTION 1.6
What other situations can you think of that would be classed as transfer by non-insurance
means? Write several down.
• Insurance
This is by far the most common type of risk transfer. It is transfer by way of
contract, except that the contract here is an insurance contract. In other
sections of your course, you will have examined in detail the types of risks,
and the ways in which they can be covered under insurance contracts.
Prior to looking at insurance as the form of risk transfer, a number of
strategies should have been developed and costed. For example, the cost of
implementing loss control techniques will need to have been taken into
account. The fitting of a sprinkler system can have a dramatic effect on the
reduction of potential losses, but at the same time the installation cost of
that system and its ongoing maintenance must also be considered. The
relationship between risk retention and transfer, particularly insurance
transfer, needs to be explored. The most common areas weighed up here
will the range of differing deductible levels on an insurance contract to see
which offers the most economical combination to the body seeking control
of losses. These must be examined by the risk manager to see which
particular level best suits the enterprise.
25
TO P I C 1
4 Choice
Having developed a range of strategies, it is now necessary to choose the
appropriate combination of strategies to make up the risk management
program. This would be done by senior management or the board.
The combination of techniques chosen will be those that provide the most
economical yet most effective combination; that is the combination which is
capable of achieving the desired goals using the least expensive means.
There are many factors that must be taken into account. The principal of these is
financial considerations. All measures to control and finance potential losses are
at some cost. What needs to be considered when evaluating the strategies is
their cost and when the finance will be needed.
Other considerations include the level of pre- and post-loss objectives of the
enterprise. These objectives are discussed later when you look at the goals of risk
management. There are also the legal, financial and humanitarian aspects to be
taken into account and these temper the purely financial criteria approach.
5 Action
Having decided on the methods or strategies the enterprise intends to follow,
these strategies need to be put into practice.
6 Monitoring
Businesses are continually undergoing changes and the same is true of the pure
losses that are associated with business. To this end it is necessary to continually
monitor the risk strategies or risk program to ensure that it is continuing to fulfil
its purpose. Initially the monitoring is to ensure that the program is operating in
the way intended. Continual monitoring ensures that the program keeps up to
date with the changes that the enterprise is undergoing. These changes may
lead to the creation of new risks and elimination of others; the increase or
decrease of some risks; priorities may change; and some risk treatments
strategies in place may become less effective.
ONLINE READINGS
Please note: the following readings are only available online.
26
Risk Management
Sullivan 2004, ‘Part of the profit: risk management and the bottom line to help understand
the function of risk management’,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=Magazi
ne/DisplayMagazines.cfm&AID=2315&ShowArticle=1> retrieved 28 October 2010.
These three rules are invaluable in considering any risk management situation
whether it be a commercial or a private one.
27
TO P I C 1
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’. This brings
together the areas that have been considered in this topic and sets the scene for the
succeeding topics.
Review
A number of definitions of risk have been examined with a view to establishing
those areas of risk that are of significance to the risk manager. The risk manager
is concerned with pure risks that are also economic risks. These risks can be
either objective or subjective, depending on the amount of information that we
have about the risk.
In establishing the program, goals need to be set and these goals ideally will
coincide with the company’s own goals.
In the final section of the topic, the risk management process was discussed. This
initially involved the identification and analysis of risks, followed by the
development of strategies for the handling of those identified risks. Next a
particular combination of strategies that best suit the enterprise was chosen. At
this step senior management or the board decides on a particular set of
strategies from the options developed, implements those strategies and,
importantly, monitors them. Since any business is a dynamic one and as such is
continually changing, the risk management program also needs to be able to
change so that it still suits the needs of the business.
28
Risk Management
Review questions
REVIEW QUESTION
1.1
From the following situations identify:
REVIEW QUESTION
1.2
From the following situations give:
(a) the different classes of pure risk that could arise; and
(b) examples of each.
The information given in each case is brief. It is up to you to think through the possible
loss situations that could arise.
(i) A fire occurs at the premises of Sutton & Co. It was thought that the fire was
started from the negligent burning of an incinerator by an employee of Sutton &
Co.
(ii) Smith & Co. are vehicle repairers. They have been advised that the brakes on a
truck they serviced recently have failed. Details of injury and damage are not
known yet.
(iii) The warehouse of Cozy Co. is located by a large river. The river level rose during
recent storms, flooding the warehouse.
The following are very brief descriptions of enterprises. Indicate the types of pure
losses that could be encountered.
(iv) Bloggs’ Supermarkets is a small chain that operates only in the city of Melbourne.
The company has a staff of 300 and operates 10 stores. These supermarkets are
serviced by one central warehouse.
(v) Deakin University has 32 000 students and operates on four campuses.
(vi) The All Religions church is a large group that operates throughout the country. Its
functions are the same as any major church group which, apart from worship
activities, includes a range of social functions such as refuge shelters, emergency
accommodation, meals for needy people, welfare support and the like.
(vii) Think of the municipal governing body in the shire or city in which you live and
answer the question in relation to that local government authority.
29
TO P I C 1
REVIEW QUESTION
1.3
Bert Johnson is the Risk Manager for New Look Products Ltd. As risk management deals with
pure risks what, if any, interest does Bert have in the company’s speculative risks?
REVIEW QUESTION
1.4
In considering pure risks there was discussion on loss of income resulting from damage to
the property of others. As the income referred to is ‘business profit’, or speculative risk, then
how can this be considered as a source of pure risk?
REVIEW QUESTION
1.5
Briefly describe the six steps in the risk management process.
REVIEW QUESTION
1.6
How can risk management increase business profitability?
REVIEW QUESTION
1.7
Apart from profit increase what other benefits flow from risk management?
REVIEW QUESTION
1.8
List some of the objectives within each of the two major classifications of risk management?
REVIEW QUESTION
1.9
Why would one enterprise choose different objectives from another?
REVIEW QUESTION
1.10
Is survival a reasonable post-event objective? If so, explain.
30
Risk Management
References
Fayol, H. 1949, General Industrial Management, Pitman, New York.
Mehr, R. I. & Hedges, B. 1974, Risk Management: Concepts and Applications, Irwin,
Homewood, Illinois.
Pfeffer, I. 1956, Insurance and Economic Theory, Irwin, Homewood, Illinois.
Further resources
Baranoff, EG 2003, Risk Management and Insurance, Wiley & Co.
Best, R. K. c. 1975, The role of the Australian risk manager, unpublished paper,
pp. 28–34.
Bieber, R. 1991, ‘The making of a risk manager’, Risk, vol. 3, no. 1, Feb., pp. 32–5 and vol. 3,
no. 2, Mar., pp. 32–4.
Bruce, A. J. c. 1975, Risk management information: Collection, allocation, interpretation,
unpublished paper, pp. 146–55.
Carter, R. L. & Dougherty, N. A. 1974, ‘The development and scope of risk management’,
Handbook of Risk Management, Kluwer-Harrap Handbooks, London.
Dorfman, M 2005, Introduction to Risk Management and Insurance, Pearson/Prentice Hall.
Rejda, GE 2004, Principles of Risk Management and Insurance, Addison Wesley.
Trieschmann, J, Sommer, D and Hoyt, R 2005, Risk Management and Insurance, 12th edn.,
Thompson Learning.
Vaughan, EJ and TM 2002, Essentials of Risk Management & Insurance, Wiley & Co.
Viciulus, P. 1991, ‘Concept of risk management’, Risk, vol. 2, no. 7, Dec.–Jan., pp. 40–1.
Weber, H. T. 1990, ‘Implementing a practical risk management program’, Australian Risk
Management, vol. 1, pp. 18–19, 31–2.
31
TO P I C 1
Appendix
To achieve this objective Management at all levels will take a proactive stance in
reviewing all aspects of operation to:
• identify risks;
• quantify risks;
• retain risks; and
• transfer risks.
Insurance will be regarded only as a final solution in the risk transfer process to
deal with risks of a catastrophic nature. The negotiation and purchase of
insurance cover to deal with these particular exposures will be through the Risk
and Insurance Department.
Loss control, Safety and Rehabilitation will be the prime responsibility of the
Cost Centre Managers.
Reginald Smithers
Managing Director
32
Risk Management
Suggested answers
Questions
QUESTION 1.2
(a), (c) and (e) are all examples of risks. The occurrence of such incidents can be
calculated mathematically. In (b) and (d) the changes cannot be predicted as
they are the result of government decisions—some direct, others indirect.
QUESTION 1.5
Some examples include a company purchasing a car but not arranging
insurance immediately, or taking on a new employee without arranging workers
compensation cover.
QUESTION 1.6
Two examples of risk transfer by non-insurance means are:
(b) A car parking station where a sign informs you that you park at your own
risk.
Review questions
REVIEW QUESTION
1.1
(i) (a) Pure risk—Damage to building.
Speculative—So far as the value of the investment is concerned.
(b) The risk manager should be involved but only in relation to the cost of
pure risk associated with the building.
33
TO P I C 1
REVIEW QUESTION
1.2
(i) Property—Damage to building and contents.
Liability—Liability for damage to surrounding property, employees.
Personnel—Injury to employees.
Financial—Loss of income due to the interruption of the business.
34
Risk Management
REVIEW QUESTION
1.3
Bert is interested in speculative risk decisions to the extent that they also involve
pure risks. For example Bert’s enterprise buys a building as an investment. The
investment aspect of the transaction is a speculative risk. With the ownership of
that building comes some pure risks. The building can burn down or can be
exposed to other risks of loss or damage all of which are pure risks. Bert needs to
be involved in providing for these. In deciding on the investment Bert should
have input to the extent that he can advise on the cost of pure risk associated
with the investment. This cost can be taken into account when the enterprise is
calculating its expected return on the investment. In any business situation pure
risks are invariable tied in with speculative risks.
REVIEW QUESTION
1.4
In this case the speculative risk of the party suffering the damage is a pure risk to
the enterprise.
REVIEW QUESTION
1.5
The five steps in the risk management process can be memorised with the
mnemonic CIDCAM which stands for:
35
TO P I C 1
REVIEW QUESTION
1.6
By producing the most economical means of managing risk, expenses are
reduced and therefore profits are increased. Using a formal approach means that
all areas are looked at, the full range of control and financing measures are
considered and a program is developed which ensures the most economical and
beneficial approach to the enterprise.
REVIEW QUESTION
1.7
Other benefits that can flow from risk management are:
REVIEW QUESTION
1.8
As discussed in the Study Guide these objectives fall into two areas:—pre-event
and post-event. Pre-event applies if no loss occurs. Risk management achieves
the following goals:
If a loss does occur, then one must refer to that range of objectives which have
already been determined in advance to meet this situation. These options were
discussed in detail in the Study Guide and you should review them. They range
from survival to continued growth and social responsibility.
36
Risk Management
REVIEW QUESTION
1.9
With the post-event objectives, different firms will have different expectations.
Some may not be able to afford the cost of the higher objectives. Others,
because of different attitudes towards risk, may be prepared to accept a lower
objective and release the extra funds needed to attain higher levels in
speculative areas of the business.
REVIEW QUESTION
1.10
If survival is all that is sought, so long as all outcomes have been thought
through, then that is a reasonable post-loss objective. It would suggest that the
principals are high risk takers as selecting survival would make regaining the
market very difficult.
37