Topic 1

TOPIC 1
The concept of risk management

P R E PA R E D B Y C H R I S L A M I N G A N D T O M M C D O N A L D F O R T H E
UNIT TEAM
Contents
Introduction 1
Objectives 1
Learning resources 2
Reading 2
Online readings 2
The concept of risk management 3

What is risk management? How did it evolve? 3
What is risk? 5
Classification of risks 6
Pure risks and speculative risks 6
Objective risks and subjective risks 7
Economic and non–economic risks 8
Classification of pure risks 8

Property risks 8
Liability risks 9
Personnel risks 9
Financial risks 10
Reaction to risk 11
Management of risk in business 11

Risk management as part of the management function 13
The risk management department and its manager 14
The risk management program 15
The objectives of risk management 17

Pre-event objectives 17
Post-event objectives 18
The policy statement 20
The value of risk management 21
Impact of risk management on insurers 21
The risk management process 22
© Deakin University
1 Establish the context 22
2 Identification and analysis 23
3 Development 23
4 Choice 26
5 Action 26
6 Monitoring 26
Risk management rules 27

To elaborate a little on each of the rules: 27
Review 28
Review questions 29
References 31
Further resources 31
Appendix 32
Appendix 1.1: Risk management policy statement 32
Suggested answers 33
Questions 33
Review questions 33
© Deakin University
Risk Management
Introduction
We commence the study of risk management with an examination of the scope
and nature of risk and those areas that are of significance to a risk manager.
Risk can be defined in a number of different ways, each suiting the particular
discipline that is making the examination. It is important that at the
commencement of this subject we clearly establish those risks that are of
significance to the risk manager.
The next step is to look at the role of risk management in an organisation. This is
done first by looking at how it fits into the overall management function, and
then by looking at how risk management can be integrated into and practised
by the departments within the enterprise. The coordinating role is undertaken
by the risk management department, and the role of this department is
examined. We survey the duties of the risk manager and of the risk management
department. The increasingly important role of the computer is considered.
The topic then looks at the risk management program, emphasising the need for
the involvement and support of the organisation. The objectives and value of
risk management are discussed, and the policy statement examined.
The topic concludes by looking at the risk management process, and describes
the formal approach to the function of risk management.
Objectives
At the completion of this topic you should be able to:
• distinguish between risk and uncertainty;

• list and explain the categories of pure risk;
• explain the place of risk management in the general management function;
• describe the role of the risk manager and the risk management department;
• list and describe the pre-event objectives of a risk management program;
• list and describe the post-event objectives of a risk management program;
• describe a policy statement;
• describe the value of risk management; and
• explain the risk management process.
1
TO P I C 1
Learning resources
Reading
Williams, CA. & Heins, RM. 1989, ‘Introduction to risk and risk management’, in Risk
Management and Insurance, McGraw-Hill, New York, pp. 4–6, 11–12, 14–15.
Online readings
Please access the following readings via the web sites:
Head, G L 2004, ‘The duality of risk’, Risk Management Magazine, January 2004,
retrieved 28 October 2010,
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=
Magazine/DisplayMagazines.cfm&AID=2223&ShowArticle=1>
Jablonowski, M 2004, ‘Facing risk in the 21st century’, Risk Management Magazine,
June 2004, retrieved 28 October 2010,
Louist, J 2003, ‘What makes an effective risk manager’, Risk Management Magazine,
June 2003, retrieved 28 October 2010,
O’Rourke, M 2004, ‘Standing out from the crowd’, Risk Management Magazine,
January 2004, retrieved 28 October 2010,
Sullivan, L 2004, ‘Part of the profit: risk management and the Bottom Line’, Risk
Management Magazine, April 2004, retrieved 28 October 2010,
2
Risk Management
The concept of risk management
What is risk management? How did it evolve?

In your study of insurance and insurance textbooks you may feel that insurance
has been around for several hundred years, yet risk management is a relatively
new concept. Those same textbooks relate instances of early insurance schemes.
The most popular one concerns Chinese farmers living in the upper reaches of
the Yangtze River ferrying their produce down the river to the markets through
treacherous rapids. We are told that many of the boats never made it to market,
and in those cases the farmer lost the year’s production. As you can imagine this
would have a devastating effect on the community whose crops were lost. To
counter this, the farmers devised a plan whereby they put a portion of their
crops in a number of different boats. In this way if one or several boats
foundered on the rapids the entire crop was not lost because a portion of their
crops was in other boats which made it through.
A similar illustration concerns the Middle East where the merchants were taking
caravans across the Arabian desert. These caravans were subject to attacks by
bandits. If a merchant had all the stock in one caravan everything could be lost.
The merchant countered this situation by putting a portion of the merchandise
in several different caravans. As each caravan took a deliberately different route it
was quite unlikely that all caravans would be attacked and robbed. Thus the
merchant was able to ensure that at least part of the merchandise reached its
destination.
These are said to be early forms of insurance schemes, but that statement is
really not correct. It would be more accurate to say that these are in fact early
examples of risk management. Very simply put, risk management is the
identification, organising and managing of risks. That is something that we all do
every day, and indeed something that people have done since the beginning of
time.
The development of risk management is part of a more general development of

management science. It represents a formal approach to the management of
risk and gives an organised and structured approach to the handling and
management of risk.
The origins of this modern day approach can be traced to a number of large
corporations in the US and UK around the turn of the century. These
organisations had grown to a size where a position of insurance manager was
warranted. It was the responsibility of this person to protect the corporation
from risk by means of insurance contracts. With the passage of time it became
evident to these insurance managers that insurance did not hold all the answers
to their problems, and indeed there were other and better ways of handling
risks. It is from their pursuit and search for these better ways of coping with risk
that the process of risk management as we know it today has evolved. Managers
today are far more analytical than their predecessors. This is evidenced by the
concentration and study in such areas as operations research, management
accounting, market research, and so forth. The traditional insurance manager is
3
TO P I C 1
evolving more into a person who looks not only to insurance as a means of
handling risk, but as well links up with those who are responsible for fire and
accident prevention and security in order to develop a more integrated
approach towards risk.
The risk manager will seek policy guidance from the board as to their risk
appetite i.e. the amount of risk it is prepared to accept or what price they are
prepared to pay to avoid risk. The task of the risk manager necessitates a
thorough investigation of all the risks to which the business is exposed. This is a
continuing process, as any enterprise is dynamic. Therefore the risks associated
with the organisation are continually undergoing change. In addition to that,
insurable risks become entwined with pure risks.
This necessitates the risk manager having to consult with many different parts of
the organisation to ensure that all areas are catered for. The role of the risk
manager will vary according to the size of the enterprise. In a large organisation
there will be a person filling the role full time. In a small organisation the role is
likely to be filled by the manager of the organisation.
Risk management embodies a comprehensive strategy towards risks. As a

science it seeks to identify the alternative methods an entity can adopt to handle
risk and to show the interdependence of these alternatives. The particular
strategy that an entity finally agrees on may be unique to that organisation. Each
organisation can utilise different methods of handling risk depending upon its
financial structure, the technical relationships within its processes, and the
economic conditions in which the organisation operates. Risk management is an
integral part of the management sciences and the risk manager is an important
member of the management team.
At the beginning of this topic, the examples of the Chinese farmers and the
Arabian merchants were outlined to show that they were practising a form of
risk management. To this end, it could be claimed that there is nothing new
about risk management. Risk management today draws on quite a number of
activities such as insurance, risk retention, and loss prevention, and brings them
together in a formal and integrated approach so that an overall program is
developed rather than something operating on a piecemeal basis.
QUESTION 1.1
In an organisation known to you, in which areas is risk management practised on an
informal basis? Write them down, describing the practices as concisely as possible. (Send
them in if you would care to have them checked by your tutor.)
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’ and read the
section titled ‘Why the study of Risk Management is important’. In this reading a number of
practical examples are given which reinforce the need for a formal approach to this area.
4
Risk Management
What is risk?
Before studying risk management we need to understand what is meant by the
term risk, and in particular what is meant by risk in the context of risk
management.
Risk, in insurance terminology, refers to the item which is insured, the insured
peril, the expected claims cost for a given policy, or as a general term for
unwanted and uncertain future events. In any insurance office the word risk is
used quite freely and can refer to any one of those meanings. Its meaning in any
particular situation can readily be established from the context in which the
word is used. To add to confusion, economists, bankers, and statisticians use the
word risk to measure the range of possible future outcomes. Risk can also refer
to the frequency or size of a potential loss that may result. However, when
talking of risk in relation to the topic of risk management we are not referring to
the term risk in any of these meanings.
Insurance theorists have had some difficulty in agreeing on the meaning of the
term ‘risk’. Professor Irving Pfeffer produced a definition which satisfies our
purposes here. He starts with the premise that all situations where the outcome
is unknown are regarded as uncertainties. These current or future situations,
should they occur, may produce some adverse consequence for us. From this
very large pool of uncertainties the question arises as to which are best suited
for handling by way of risk management or insurance. Those uncertainties that
fall into this category Pfeffer (1956, pp. 132–44) referred to as ‘risks’. He defined
an uncertainty as a risk where the future occurrence of the event could be
predicted mathematically using either:
• a priori probability, or
• empirical statistical means.
Anything that did not fall into these two areas he regarded as true uncertainties
which do not lend themselves to risk management or insurance.
Let us expand on these methods.
1 The a priori method refers to a deductive probability where there are a fixed
number of outcomes and one estimates the probability of one of those
occurring. For example, on the toss of a coin what is the probability of
obtaining a head? There are two possible outcomes, either a head or a tail
(for the purpose of our exercise we shall discount the coin landing on its
edge). The probability of a head is one over two (1/2) or 0.5. In looking at the
probability of obtaining a six on the throw of a die we are looking at the
outcome of one event. There are six possible outcomes so the probability is
1/6 or .167.
2 Empirical statistical means is the more common method used in risks suited
for risk management and insurance. This embraces such events as houses
burning down or car accidents for example. We can look to the past,
establish what pattern has occurred, and then project that pattern into the
future on the assumption that the same pattern will occur. Therefore, if over
the past five years there have been an average of ten accidents occurring
5
TO P I C 1
per year, and if on investigation we feel that the position in the coming year
will be the same as those in the past, we would estimate that there will be
ten losses in the coming year. To arrive at this we have taken the average
over the past years, established what the probability of the loss occurring is,
(there will be ten accidents for every one hundred vehicles) and ascertained
that there will be one hundred vehicles in the coming year. Therefore, we
estimate that ten losses will occur.
The point should be made at this stage that probability theory is a long run
concept and that the results will only hold true over a long period. In the
short term there will be fluctuations, so whilst we can anticipate ten losses
to occur in a year, the actual results may, and indeed do, vary from those
expected. For example, we may find in the coming year that the losses are
twelve, the year after that eight, and so forth but that over a period of time
our average of ten will hold true. This has led some theorists to assert that
the real risk does not relate to the probability of loss, but rather to the
deviation of the actual results from those expected.
3 The third area to look at is that of true uncertainties. Falling into this
category would be the level of import duties to be charged by a
government for example. These remain true uncertainties because looking
to past government decisions is no guide as to what their future decisions
will be. It is not possible to calculate the results mathematically here, so
these areas remain true uncertainties.
QUESTION 1.2
Classify the following situations into risks and uncertainties in accordance with the
preceding definitions:
(a) motor vehicle accidents

(b) change in import tariff levels
(c) houses burning down
(d) change in currency exchange rates
(e) workplace injuries
Classification of risks
Risk has been classified in many different ways. Whilst it is not proposed to
explain all of the ways that risk can be classified, some of the classifications are
discussed here, and their relevance to risk management highlighted.
Pure risks and speculative risks

These two classifications of risk are commonly referred to. Pure risk is that risk
where the event which occurs may cause a loss only, whilst speculative risk
involves events which may produce either a gain or a loss. For example, if a
6
Risk Management
house burns down or a car is involved in an accident, the owner suffers only a
loss, never a gain. The uncertainty concerning the occurrence of one of these
events may be termed pure risk.
Speculative risk covers most business risks such as those involving marketing,
production and financial decisions, which will be elaborated on shortly. Any
business faces both pure and speculative risk. Most, but not all pure risks, lend
themselves either to be handled through insurance or managed by a risk
manager.
Speculative risks are those which involve a profit or a loss situation. Any business
venture is, in fact, a speculative risk. The person entering into the business
invests funds or time or both and does so in the expectation that there will be an
increase in those funds; in other words, a profit. It is of course possible in any
business venture that the profit may not materialise and a loss might occur. The
simplest example of a speculative risk would be gambling. As with setting up a
business, the individual creates the risk personally. Prior to the business or
before entering into the wager, the money was not threatened at all. Once the
venture or wager has been entered into or made, the money is then at risk. It is
set on a course from which there will only be a profit or a loss.
Objective risks and subjective risks

Objective risk we will look at in more detail shortly when examining the law of
large numbers, but here it is sufficient to refer to our earlier discussions on
distinguishing between risk and uncertainty and assessing probability measures.
We saw, for example, that in the throwing of a die to obtain a six there was a one
in six chance of doing so. This does not mean that every sixth time the die is
thrown a six will appear. As mentioned, probability is a long run concept and
over time over a large number of throws of the die that situation will generally
hold true. Objective risk, then, is the measure of the degree of variation in the
proportion of actual from expected events. The degree of variation reduces as
the number of observed events increases. It therefore follows that the objective
risk declines or diminishes as larger numbers of events are involved.
Statisticians may express objective risk in terms of statistical error in sampling

from a larger universe of events. Risk managers are concerned with reducing or
eliminating objective risk experience in relation to exposures to loss. In reducing
objective risk, it is necessary to see that all of the statistical assumptions made in
estimation are fulfilled. This will be examined at a later point in the Study Guide.
From the discussion to this point it should be apparent that objective risk has
little or no real meaning when applied to a single event or a small number of
events. In a situation where the number of exposures is small, and objective risk
estimates cannot be made with a great deal of accuracy, the concept of
subjective risk can be useful in analysing the problem. Subjective risk may be
defined as the uncertainty of an event as seen or perceived by the individual.
This, of course, will vary from person to person according to that individual’s
attitude toward risk—between the risk lover who sees little danger or
uncertainty in the outcome of a situation and indeed prefers a situation where
there is a great deal of uncertainty in the outcome, and the ‘risk averter’ (one
who tends to avoid risk) who requires very high odds for success before
7
TO P I C 1
embarking on an adventure of any type. Subjective risk therefore is an

individual’s estimate or interpretation of what they consider to be the most likely
outcome based on the limited knowledge available. Clearly the individual’s
attitude toward risk will weigh heavily in the result produced.
Economic and non–economic risks

Economic and non-economic risks are sometimes referred to as financial and
non-financial risks. Risks divided this way refer to the monetary financial
economic consequences of the risk. Economic risks are those which carry with
them some financial or economic consequence. For example, if a house burns
down the owner has suffered a loss of an asset, a loss of economic power,
economic power being a reference to the amount of money or unit of exchange
that could be obtained for that house. Non-economic or non-financial risks are
those where some sort of adverse consequence occurs but do not carry any loss
of economic power. In general this latter area is of little consequence to risk
managers and insurers, so we will not dwell on it further.
Of all the different classifications, the area that the risk manager is concerned
with is that of pure risk. Pure risk and business (speculative) risk are very much
intertwined. Take, for example, the purchase of a building. From the business
aspect there are considerations such as the returns to be achieved and the value
to the business for example. This is all part of the speculative nature of business
enterprise. That same building is also subject to the risk of loss as a result of fire
or storm. Such things fall in the province of pure risk and therefore into the area
of the risk manager. Arising out of the one action, the purchase of the building,
which appears to be a speculative risk, we also have the involvement of pure
risk. Throughout all facets of business invariably tied up with a speculative risk,
there is also a measure of pure risk.
Classification of pure risks

Pure risks can be categorised into several headings:
Property risks
These include the destruction, damage, loss, theft or contamination of
productive or other physical assets. Some types of financial assets, such as cash,
stamps and negotiable instruments, can also be included under this heading.
Property risk includes not just assets owned by the insured, but also those for
which an entity is legally responsible, such as equipment which is leased. It can
extend further to property for which the enterprise feels there is a moral
responsibility—for example, employees’ clothing and effects where there is no
legal liability under an award or the like. Physical property includes both static
property, that is buildings, machinery and office furniture and moveable assets
such as vehicles, vessels, and aircraft. Changes in the methods of production,
distribution or financing of business can introduce new classes of property: for
example, containers for the carriage of goods changed responsibilities for
property losses. Another example is the changeover from buying to leasing of
plant.
8
Risk Management
In addition to the physical destruction or loss of property, losses may occur

through property being rendered unusable due to contamination. Foodstuffs
obviously fall into this category but other materials can be affected also.
In considering potential partial losses of property, it must be borne in mind that

repair or reinstatement in the same form as before may not always be possible.
Spare parts may not be obtainable for obsolete machines, and in looking at
repairs to an old building which is substantially damaged it may be necessary to
comply with new building regulations when repairs are effected.
Liability risks
Liability risks refer to incidents in which an entity is legally liable to third parties
for incidents which may involve injuries to persons (including employees) or
damage to their property. Liabilities can arise from many sources. They could
arise from the ownership of the property such as someone being injured by
slipping over on a highly polished floor, from activities carried on therein or
elsewhere, and from defects in the design or manufacture of products including
the failure to perform tasks for which they were sold. Losses can arise from the
failure to observe statutory and other regulations or to undertake repairs that
result in an accident. Apart from liability for damage to physical property, liability
may also arise out of the infringement of tangible property rights. The laws of
libel, slander and copyright not only apply to firms of publishers, as others may
be caught up in damages actions also. Advertising material, for example, may
prove libellous or in breach of copyright. Those providing professional advice
face liability for negligent advice.
Each country produces legislation and some of this legislation can create
liabilities. For example, in the State of Victoria in Australia the Occupier’s Liability
Act lays down areas in which property owners, or for that matter occupiers of
property, can have a legal liability to third parties. In addition, liabilities can arise
at common law, in particular under the torts of negligence, nuisance or even
trespass.
Liabilities also can arise under contract. An employer may incur liability for
accidents arising out of acts of employees or other agents whilst in the course of
their employment, and this can extend to include injuries to fellow employees.
These areas outline just a few of the huge range of areas in which liability can be
incurred and liability losses flow.
Personnel risks
Personnel risks cover injury, sickness or death to employees. In the event of the
death or serious disability of a key employee the business may incur additional
expense in having to replace that employee. If the employee had particularly
valuable skills and knowledge, the enterprise may have to employ one or more
replacements at a higher salary. This may be a short or long-term solution,
should the original employee die or become seriously disabled. Aside from that
expense, there are the additional expenses involved in advertising for and
engaging additional personnel.
9
TO P I C 1
QUESTION 1.3
Consider your own organisation. Write down the areas you can think of where exposures
such as those outlined above occur.
There are a couple of other types of losses that really fall within the headings of
those three already mentioned, although it is worth considering them here as
separate issues. These are:
Financial risks
This area can cover two elements: dishonesty, and business interruption.
(a) Dishonesty
Dishonesty takes several forms, such as:
(i) destruction, loss, damage or theft of tangible assets

(ii) matters arising from the dishonesty or inability of debtors to pay debts or
the dishonesty of employees.
Note: With the use of computers and credit cards, new potential exists for
identity fraud on a large scale. In recent years, white collar crimes have grown at
an alarming rate.
(b) Business interruption

Losses under this heading can flow from property, liability or personnel loss
situations. Take as an example anyone whose main factory is destroyed by fire.
Assume that it takes six months to rebuild that factory and return to production.
Throughout that time the factory is not producing goods so it is unable to
generate profit. Once the factory commences production it will take some time
for the enterprise to regain its sales position and re-establish the rate of gross
profit it was achieving before the fire. The enterprise is suffering a financial loss
through this period. The loss is not just confined to damage by the fire. The same
type of loss can flow from the breakdown of a large machine, for example a
printer’s printing press. In addition to the losses suffered through not being able
to produce goods and therefore generate profit, there are extra expenses
incurred, such as the cost of having work undertaken by other firms or by
installing office staff in temporary rented or leased premises. These are all
consequential losses incurred as a result of the interruption to the business.
Similarly, there may be additional expenditure and additional advertising
incurred once the factory is operating again in order to win back lost customers.
This advertising will be over and above the advertising normally done, an
additional expense which has the effect of lowering the profit that otherwise
would have been made.
In summary, risk management is a division of the broader branch of

management science. The purpose of risk management is to manage the costs
associated with pure losses by eliminating or reducing them, thereby increasing
profits and the return on invested time and funds.
10
Risk Management
Reaction to risk
The way in which a person behaves in a situation of uncertainty illustrates that
person’s reaction to risk. Reaction to risk varies within an individual as well as across
a number of individuals. The greater the person’s uncertainty, the more strongly one
would anticipate that person would react. Factors which could influence the
reaction are the potential gains or losses involved, and the effects of these on the
person’s economic status. For example, a person may react more strongly to a
situation where the level of uncertainty is identical but the outcome varies, for
example the toss of a coin has equal result probability, but potential gains and
losses are $1000 instead of $10. A different reaction may result if the person was
wealthy or poor. A wealthy person may be more uncertain than a poor person about
the future but the wealthy person may have less to fear because their greater
wealth will cushion them from the effects of uncertainty. Differing personalities,
determined by hereditary and environmental factors and experience, will affect a
person’s reaction to risk. The same person may have a different reaction to risk at
different ages or in different situations in their life.
(Mehr & Hedges 1974, p. 4)
Individuals making decisions about risk should be aware of the effect of their risk
attitudes upon their decisions: on careful consideration they might decide to
alter these attitudes. When they are making decisions on behalf of another they
ought to examine the extent to which they should adopt the attitude of the
other, that is their decision should be influenced by the other party’s reaction to
risk. When decisions in these situations are delegated to someone else, a study
ought to be made of that person’s attitude towards risk to see how it affects the
decisions that person may make. In some situations it may be appropriate to
specify the attitude that ought to be assumed in making such decisions.
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’ and read the
section titled ‘Reaction to risk defined’. This gives more insights to this area.
Management of risk in business

Risk is an integral part of business. When a business commences the
shareholders or proprietor puts up capital. The risk that the business will fail is
ever present. Throughout the life of a business the proprietor is continually faced
with risk. The successful management of that risk leads to a successful business.
The field of risk management has developed from the study of tools, procedures
and techniques that have proven successful in the management of risk. Our
focus on risk management in this unit is on those economic risks that are ‘pure’
risks.
The management of risk today is becoming increasingly difficult. All

organisations are being put under pressure to reduce expenses. Investors
seeking improved return on their funds seek increased profits. In an effort to
achieve this, costs are reduced. The equipment that was serviced every 20 000
hours is serviced every 25 000 hours—if there is no signs of ill effects this is
extended to 30 000 hours. Costs are saved and no detrimental effects result.
Periodically this extension goes too far and adverse consequences do result.
11
TO P I C 1
This scenario is one example of the pressures being put on management,

making the task of managing risk more difficult. When something does go
wrong the result can be spectacular: the Esso Longford gas plant explosion in
Victoria that left Melbourne without gas for two weeks; the power failure in
Auckland that left the central business district without power for a fortnight; the
contamination of Sydney’s water supply. Each of these incidents had their own
causes but the results in each case were quite devastating. Beyond the
spectacular situations that are well known there are many others that cause
disruption to varying degrees to organisations and result in loss of assets, time,
and sales and in other ways are a cost to the business. Part of the risk
management task is to endeavour to balance these conflicting interests so
efficiencies can be achieved and losses still avoided.
The importance of risk management is evidenced by the fact that Standards

Australia have produced a standard for it. This standard will be referred to
throughout the course but an introduction to it at this point looks at the
principal features.
Risk Management standard AS/NZS 4360:2004

The standard is a generic one that can be applied to all situations. It can be
applied to a whole organisation or a specific part of it. The preface to the
standard describes the risk management process as one that can be applied to
any situation where an undesired or unexpected outcome could be significant
or where opportunities are identified.
It sees risk management as an integral part of good management practice and,

for it to be effective, feels that risk management should become part of an
organisation’s culture. It should be integrated into the organisation’s philosophy,
practices and business plans rather than viewed or practised as a separate
program. This point is very important. Unless risk management practices are
built into each task or aspect of the business they become just an ‘add on’ with
the danger of being overlooked. When they are incorporated into every aspect
of the business and are made the responsibility of each employee, then they will
achieve their greatest effect.
The standard defines risk and risk management respectively as:

a logical and systematic method of identifying, analysing, evaluating, treating,
monitoring and communicating risks associated with any activity, function or
process in a way that will enable organisations to minimise losses and maximise
opportunities. Risk management is as much about identifying opportunities as
avoiding or mitigating losses.
The standard introduces the formal process for establishing a systematic risk
management program.
This starts with the establishment of a risk management policy. This should
include the organisation’s objectives and commitment to risk management. This
policy needs to be relevant to the organisation and based on the organisation’s
own objectives and take into account the nature of its business. The standard
requires that the organisation ensures that the policy is understood, maintained
and implemented at all levels in the organisation.
12
Risk Management
Responsibility is clearly put on management. The standard requires

management to appoint a senior person whose task is to ensure that:
• a risk management system is implemented in accordance with the

standard—and that the system is adequately maintained; and
• the performance of the system is reported to management for review and is
a basis for improvement.
The tasks and persons responsible for each facet of the program, both in its
implementation and maintenance, are to be documented so all have a clear
knowledge of their responsibilities.
The standard also requires management to provide adequate resources to

implement and maintain the program.
The standard requires a periodic review of the system by management.
Risk management as part of the management function

Risk management is part of the general management function and as such
involves the application of general management concepts. This can be seen in a
brief look at a definition of management. Henri Fayol, regarded as one of the
early authorities on management, defined it as follows:
To manage is to forecast and plan, to organise, to command, to coordinate and to
control. To foresee and plan means examining the future and drawing up the plan
of action. To organise means building up the dual structure, material and human, of
the undertaking. To command means maintaining activity among the personnel. To
coordinate means binding together, unifying and harmonising all activity and
effort. To control means seeing that everything occurs in conformity with
established rule and expressed command.
(Fayol 1949, pp. 5–6)
Risk management involves all these activities. Fayol, in his writings on

management, suggested that the activities of an industrial enterprise can be
divided into six basic functions. He nominated the following functions:
1 technical activities (production, manufacture, adaptation);
2 commercial activities (buying, selling, exchange);
3 financial activities (search for an optimum use of capital);
4 security activities (protection of property and persons);
5 accounting activities (stock taking, financial statements, costs, statistics); and
6 managerial activities (planning, organisation, command, coordination, control).
(Fayol 1949, pp. 3–6)
Fayol’s security function we refer to today as risk management, although it has

now expanded in function. Bearing in mind that Fayol wrote this in 1916—a very
early stage in the development of management science—the fact that this
security function was recognised demonstrates its importance in management.
13
TO P I C 1
Risk management should permeate the entire enterprise. The responsibility for
the function rests with each department, with the risk management department
playing a coordinating role. It is also expected to develop initiatives, and to
provide assistance and advice to the departments of the enterprise to help them
carry out this risk management function.
These examples show how risk management can be carried out by other
departments in an enterprise:
• Accounting department—segregation of duties and through the use of

internal auditing to reduce fraud.
• Marketing department—design of packaging and wording of labels to
minimise damage to products and to comply with trade practices
legislation.
• Production department—use of guards on machines to reduce employee
injury.
• Personnel department—employee safety and industrial hygiene.
• Legal department—use of standard contract terms to transfer or limit
financial liability.
The risk management department and its manager

The risk manager can come from a range of backgrounds, should be able to
handle all inquiries on insurance, and have a working knowledge of loss
prevention. The risk manager is not expected to be a technical expert in all areas
of loss control but must be in a position to know where to obtain advice when
needed. A good working knowledge of these areas is needed to enable the risk
manager to recognise problems when (or before) they arise, and to
communicate with various specialists.
Risk managers must also be diplomats, because although in most situations they
do not have authority over other departments (production, sales, etc.), they will
require those departments to implement aspects of a risk management
program. Moreover, as risk managers will rarely have the budgets necessary to
implement safety or protective strategies, they must convince other
departments of the need to implement these measures from their own funds.
When this is at little cost or interference with the department in question there
will probably not be a great problem in having the risk management measure
implemented, but where there is some cost or interference to another
department then the agreement from the department may not be so
forthcoming. This could, for example, be encountered with the implementation
of a safety measure which has the effect of slowing the production of the
department, increasing labour and other costs while producing the same
amount of goods. The risk manager may have an excellent argument for
introducing such a measure, but the department will need to be convinced of
the need in view of the extra costs. The principal point is that the risk manager
has limited authority. No doubt the whole matter could be referred to senior
management for a decision, but as well as slowing procedures this could create
future problems between the departments.
14
Risk Management
The makeup of a risk management department will vary considerably according

to its size. As mentioned before, in a smaller business the task of risk
management would be likely to be one of the manager’s duties. A small
department would comprise one person possibly expanding over time with the
inclusion of a loss prevention manager and a claims manager. Additions beyond
this would bring new areas of expertise to the department.
The medium department would probably add an insurance manager as well as

more expertise in the safety and loss prevention area. The overall numbers in the
department would grow in line with the amount of work to be done.
In a large department the risk manager would concentrate more on

management aspects than the technical aspects of risk management. Overall a
greater number of people in the department would handle the work but within
each area a greater degree of specialisation in the various aspects of insurance,
safety and claims handling would be evident.
The responsibilities of the department would include:
• identification, analysis, measuring and handling of risks;

• keeping of records such as insurance policies, insurance values and the like;
• monitoring and handling of losses;
• cooperation with other departments as much of the success of a risk
management department depends on a good relationship with the other
departments within the enterprise; and
• the formulation of policy relating to the risk management function.
• increasing risk awareness
ONLINE READING
Please note: the following reading is only available online.
Please read Louisot 2003, ‘What makes an effective risk manager?’ which discusses the
different competencies a risk manager requires.
<http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&template=Magazi
ne/DisplayMagazines.cfm&AID=1990&ShowArticle=1> retrieved 28 October 2010.
The risk management program

The risk management program provides a systematic approach to the
management of pure risk faced by an enterprise. For such a program to be
successful it is necessary to have the full support of senior management. This is
best achieved at top level by having the entity establish a policy statement
issued by the board with the full and active support of the board and senior
management. If senior management pay only lip service to the program then it
will receive little support from others in the enterprise. The statement is
discussed later in the Study Guide.
The first step is to convince the board and senior management. The language of
management is said to be the language of dollars. Showing management that
the implementation of a risk management program will benefit the enterprise
15
TO P I C 1
financially is an excellent way of putting the case. An investigation in an

enterprise that does not currently have a risk management program will almost
certainly reveal a number of areas where improvements can be made. If it can be
shown that these improvements will ultimately save dollars then the concept
will gain management’s attention.
An area where costs are normally very high is workers compensation accidents.
In a company’s cost accounting system these amounts will be recorded at their
actual cost to date. This is a very misleading way for such losses to be viewed.
With any bodily injury loss situation the more serious losses take some time
before the full cost of them is ascertained. The most recently completed years
are seen as ‘green’ years as the loss history is not fully developed. Figure 1.1
depicts an enterprise’s losses.
Figure 1.1 XYZ Pty Ltd workers compensation losses 2004–2013
The column for years 2004–2009 shows two sections. The lower is the actual
losses paid to date. The upper section is the predicted total losses for that year
when all losses have been finalised including the developed losses. If
management only saw the actual losses’ position they would get the impression
that losses were in fact decreasing. These would be the figures they would be
most likely to see, as the ‘developed’ and ‘predicted’ amounts require separate
calculations to be done. The ‘actual’ losses do not take account of the accrued
liability for unfinalised claims or IBNR (incurred but not reported) claims on
which there are still amounts to be paid.
The upper portion of the first column—developed losses—shows the expected

cost of losses for that year when all losses are finally settled. This gives a different
picture. The trend that appears in the lower column is reversed and shows that
the losses for each year are in fact increasing. The next step is to extend the
trend shown by the developed losses and extend it into the future. This can be
done by looking back to past periods and ascertaining the loss development
pattern then using that pattern to project future losses. (In a later topic on loss
forecasting this will be covered in more detail.) Suffice to say at this point that
there are statistical methods for ascertaining these amounts.
16
Risk Management
The future year estimates—2010–2013—continue the increasing trend. Armed

with this knowledge, management can take steps today to halt the deteriorating
position and ensure that the trend is arrested. This rather simple illustration
shows the effectiveness of a formal approach to the management of risk that risk
management provides.
In convincing management of the need for a formal risk management plan there
are a number of other factors that need to be considered. These are to establish:
• the objectives for the risk management program and show how these fit in
with the overall enterprise objectives;
• a risk management policy statement; and
• the value of a risk management program to the enterprise.
Each of these points is worth examining in more detail.
The objectives of risk management

To gain the support of senior management, which is fundamental for the
success of any risk management program, the program should be designed to fit
in with the company’s overall objectives. Therefore the party drawing up the
program needs to be very familiar with the company’s objectives, including
organisational objectives and the need to produce sufficient profit to provide an
adequate return on shareholders’ investments. A number of objectives of a risk
management program are discussed in detail.
The goal of the risk management program is to manage the pure risk cost
associated with the assets and to manage them in such a way as to provide the
maximum return on funds invested, and thus contribute to the continued life of
the enterprise.
Mehr and Hedges (1974) grouped the goals or objectives of a risk management
program into post-loss objectives and pre-loss objectives. They can be described
as post-loss objectives in the event of a loss and pre-loss objectives even if no
loss occurs.
Pre-event objectives
Pre-event objectives include:
1 economy (cost);
2 reduction in anxiety;
3 meeting externally imposed responsibilities; and
4 social responsibility.
17
TO P I C 1
1 Economy
In this regard the enterprise lays down plans for what it feels is the most
economic way to deal with or handle the pre-loss goals. The risk management
process, described later in this topic, provides a systematic means of achieving
economy.
2 Reduction in anxiety
This objective relates to the mental strain caused by uncertainty that adequate
provisions exist to take care of the consequences of loss and the costs associated
with this anxiety. The second pre-loss objective is to reduce this anxiety or
concern to what Mehr and Hedgers refer to as ‘a quiet night’s sleep’, knowing
that a thorough investigation of the enterprise’s exposures has been completed,
and that a program has been developed to ensure that any possible
contingencies have been covered.
3 Meeting externally imposed obligations

Obligations imposed from outside the enterprise may be in the form of
government regulations.
Examples include
(a) establishing safety standards required under the Occupational Health and
Safety Act; and
(b) arranging insurance if required, where a mortgage has been taken on a
property.
4 Social responsibility
This pre-event objective is similar to the last of the post-event objectives and
relates to good citizenship or social responsibility. It aims to ensure that
minimum disruption is caused not only to the enterprise itself and its employees
but also to the public at large. For example, an explosion in a chemical plant may
produce a toxic cloud which endangers nearby residents.
Some conflict could develop among these pre-event objectives. Take the
economy objective and the reduction in anxiety objective for example. It may
well be that the cost of reducing anxiety frustrates the economy objective. There
will be conflicts between different members within the enterprise, each of
whom is supporting the objectives they favour most strongly. In fact, conflicts
may arise with all objectives. Endeavouring to maintain the social responsibility
objective may be in conflict with the economy objective. Some externally
imposed obligations may be compulsory while others are negotiable, so that in
a given situation they may not all be achieved.
Post-event objectives
Post-event objectives can be defined at five levels. These levels state the
minimum acceptable position that management is aiming to achieve following a
loss. (This assumes that management want the business to continue). They are:
1 survival;
2 continuity of operations;
18
Risk Management
3 earnings stability;
4 continued growth; and
5 social responsibility.
1 Survival
This could be regarded as the most important post-event objective. The entity
wants to ensure that following a loss it will be able to survive, or to ensure that
provision is made for it to be able to resume operation at least in part. It may be
that the assets are considerably reduced, but with some assets it can continue.
2 Continuity of operations
This more ambitious objective seeks to ensure that the enterprise is able to
continue its operations at the same level, or approaching the same level, that it
was at before the loss occurred. An entity such as a public power, electricity or
gas utility would probably regard this goal as mandatory, because the
community depends upon their operation’s survival.
3 Earnings stability
At a higher level again, the goal here is to continue operations at no increase in
cost by providing funds to replace those earnings lost because of the
interruption. This differs from continuity of operations in that with the continuity
of operations option there may be a fall in earnings. In other words, continuity of
operations may be at some greater cost to the enterprise because of increased
overtime, additional imports, freight charges, or the like.
4 Continued growth
With this objective, the organisation aims for continued growth to uphold its
earnings level and to continue the growth pattern experienced to date. The
intention is to not allow the loss encountered to impair the growth cycle in any
way. This contrasts starkly with the more typical case in which, for example, an
enterprise whose principal factory is closed down for some period of time has its
growth cycle interrupted, and most likely is impaired permanently because the
custom which had been built up over time has gone and established new
connections during the period of closure. The enterprise may find that it never
wins back those customers, and the end result is that the enterprise’s growth
potential is reduced.
5 Social responsibility
This is the ultimate post-event objective, an achievement beyond all of those
objectives discussed so far. It involves going a step further, endeavouring to see
that all who may be affected from a loss, for example, employees, customers,
suppliers and indeed the general public at large, are affected as little as possible.
This objective may also be supported by public relations considerations,
ensuring the maintenance of a good image of the organisation.
To achieve this public relations image it is necessary not only to do good but
also to appear to do good. This is achieved by making the community aware of
the enterprise’s social consciousness or sense of moral responsibility which
advocates that any losses impact on others minimally. A risk management
program that protects customers, suppliers, employees and the general public
19
TO P I C 1
against losses will go some way to ensuring that an enterprise satisfies its social
responsibility objectives, and generates some favourable public reaction if there
are disruptions in the enterprise’s operations or if the activities of the enterprise
cause injuries to persons or properties.
These comments use trading organisations as examples. But the same position
holds true for all entities, profit making and non-profit making alike. Non-profit
making bodies also need to control and provide for their pure risks. They are
exposed to them in the same ways as are profit making entities, and reducing
risks leaves more funds for their principal activities. Furthermore, it is possible
that by running a more cost-effective operation, that is, less vulnerable to risk,
they are in a better position to attract funds for their principal activities.
QUESTION 1.4
Sort the following into pre- or post-event objectives:
• survival;
• economy;
• continuity of operations;
• earnings stability;
• reduction in anxiety;
• social responsibility;
• continued growth; and
• meeting externally imposed responsibilities.
Check back in the relevant sections of the Study Guide to verify your decisions.
The policy statement

An initial step in establishing a risk management program is to set down a
written policy statement. This should be developed by the board and receive the
full and active support of senior management. The following benefits flow from
a policy statement as it:
• sets out the goals and objectives of the risk management function;
• defines the duties, authority and responsibilities of the risk management
department;
• coordinates the treatment of loss exposures on a similar basis throughout all
areas of the enterprise;
• establishes and improves existing communication channels and
management information systems; and
• provides for program continuity and facilitates transition during time of
personnel changes in the risk management department.
For the risk management department, the statement sets the guidelines by
which the department operates. It indicates to the department the approach to
be taken with respect to the retention and transfer of risk. In addition it will
20
Risk Management
usually indicate the position of the risk management department within the
enterprise chart, emphasising the importance of risk management within the
organisation. A sample statement is set out in Appendix A at the end of this topic.
The value of risk management

Risk management contributes significantly to the welfare of businesses, family
and society.
By using risk management it is possible for a business to achieve some preferred

combination of its post-loss and pre-loss objectives referred to earlier.
Proper risk management will improve profits directly and indirectly. Profits can
be increased directly by reducing expenses. Economy, a pre-loss objective, is
achieved by selecting the most economical techniques consistent with post-loss
objectives and implementing these techniques in the most economical fashion.
As an example, an enterprise may reduce its expenses because the risk manager
chooses to introduce a loss prevention measure.
Risk management contributes indirectly to profits in various ways.
A business that can worry less about pure exposures because of effective risk
management is financially and psychologically better prepared to seek out
speculative opportunities that may increase its profits. For example, if a business
feels secure in the way it has managed its present property loss exposures, it
may consider more favourably a proposal to purchase future properties.
Proper risk management produces more profitable decisions by forcing financial

managers to consider the pure loss exposures associated with speculative
ventures. For example, consider an enterprise which is looking at buying one of
two buildings. If the cost of the pure risk is not taken into account, Building A
may appear to be the better investment. Analysing the pure losses (cost of fire
damage, storm damage, etc.) and bringing these costs into account may alter
the decision in favour of Building B.
Risk management allocates pure loss exposure costs among the products,
services or markets serviced by the business. This allocation produces a more
accurate picture of the profitability of various products, services or markets, thus
permitting the enterprise to direct its activities in the most profitable directions.
It does this by recognising the cost of pure risk as an important component of
product cost.
Risk management techniques can benefit a family through the family making
provision for any future financial disasters that may befall them. The times of
these disasters will be traumatic ones for the family, but they can be more
effectively managed when provision has been made for them. In the absence of
such provision, the result may be personal bankruptcy, family break-ups or a
greatly reduced standard of living.
Impact of risk management on insurers

Insurers benefit from the astute practice of risk management through reduction
of costs. With the formal practice of risk management, insurance is seen today as
one of the techniques available to risk managers. It still remains a most
21
TO P I C 1
important risk financing technique but has also meant a change in attitude and
approach on the part of the insurers. In what ways have these changes
occurred?
In order to obtain the respect and business of risk managers, insurers and
brokers need to be familiar with the risk management approach to handling
losses. Insurers and their representatives need to appreciate that their product is
simply one of the techniques for handling loss exposures. Risk managers of large
firms are becoming more knowledgeable, so increasingly insurers are called
upon to provide products and services based as much on what the risk manager
wants to buy as on what the insurers want to sell. This represents a substantial
change in the practice of insurers. Insurers and brokers have responded to this
new demand through the provision of risk appraisal, advisory and claims
handling services. These facilities are available on both a national and
international basis.
ONLINE READING
Please note: the following reading is only available online.
Please read O’Rourke 2004, ‘Standing out from the crowd’ which discusses ways a risk
manager can assist their underwriter in achieving their goals.
The risk management process

The basic purpose of risk management is to employ a systematic approach to
control the costs of pure losses, thereby reducing costs to the enterprise. The
manner by which all this is achieved is referred to as the risk management
process. This process involves the following steps:
1 Establish the context

2 Identification and analysis of risks.
3 Development of a range of strategies to handle these exposures.
4 Choice of the particular combination of strategies to handle the identified
exposures.
5 Implementation of the chosen strategies.
6 Monitoring the implemented program.
These steps are now examined in more detail.
1 Establish the context

Before you begin developing a risk management program you must understand
the relationship between an organisation and its environment. A good risk
manager must understand their organisation’s strengths and weaknesses, its
capabilities and its goals and objectives. They need to be aware of what their
organisation does, and all the risks they are exposed to. A risk manager also
22
Risk Management
needs to be aware of both the internal and external factors that might affect
their ability to handle any risk whether they be legal, social, environmental,
technological and of course economic factors. For instance, every organisation
will have occupational, health and safety legislation they need to comply with
and could affect what their business does or how they operate. A risk manager
cannot control the legislation that affects them but they can control the ways in
which they comply with this legislation.
Establishing the context means you must also know the key stakeholders of the
organisation. Stakeholders are those that are affected by the risk manager’s
decisions. They will include a range of people from the obvious like employees,
managers and customers to the not so obvious like unions, financial institutions,
government, service providers and suppliers. All of these people will have
different needs and concerns that the risk manager needs to be aware of.
Once you understand this, a risk manager is able to implement a risk

management program within the parameters unique to each company i.e. costs,
risk appetite (are the risks acceptable or not), objectives, resources, etc.
2 Identification and analysis

The next step is to identify all losses that exist. To do this it is necessary to
develop a systematic approach to ensure that as many loss exposures as
possible are revealed. It will not be possible to identify every conceivable loss
exposure for there will always remain some which will be discovered only when
the loss occurs. In a later topic, the techniques available will be covered in
greater depth.
Once the exposures are identified the next step is to analyse the frequency of
losses that may flow and also their magnitude (referred to as ‘severity’).
3 Development
The purpose of this step is to consider all possible practical measures for
handling loss exposures, including not only the means by which the cost of
losses can be met, but also ways in which losses can be reduced. In later topics,
these techniques will be dealt with in detail.
Broadly the techniques can be divided into two areas:—control techniques and
financing techniques.
(a) Control techniques

Control techniques deal with loss prevention and loss reduction matters. They
introduce measures which eliminate the risk of loss or reduce either or both the
number of losses or the severity of those losses that may occur. For example, the
installation of a sprinkler system will not stop a loss from occurring but it should
have the effect of reducing the severity of a loss. (As soon as a fire commences
and the system is triggered, immediate aid is provided in the form of water
sprayed to extinguish the fire and simultaneously the fire department is alerted.)
Putting a guard on a moving part of machinery may be sufficient to eliminate
many losses stemming from that piece of machinery.
23
TO P I C 1
Risk avoidance is another form of risk control. It should be emphasised that risk
avoidance is only used as a last resort. It would be used in situations where the
costs flowing from the loss are far greater than the benefits of the activities
involved. For example, an enterprise involved in the manufacture of
pharmaceutical products may have a very profitable product which it is
considering sending to the North American market. Because of the potential for
extremely large product liability suits, the enterprise may feel that this risk far
outweighs any profits that they may achieve, and as a result decide to avoid the
risk by not exporting to that market.
Another example of risk avoidance is subcontracting a hazardous part of a

process to an outside entity, and in so doing transfer the pure risks associated
with that process to the other enterprise.
(b) Financing techniques

So far we have identified various risks and examined the different ways in which
these risks can be reduced or otherwise taken care of by a variety of control
techniques.
Provision must still be made for the remaining risks. The enterprise needs to plan
to meet the consequences of these losses. There are two approaches used
here—(i) risk retention and (ii) risk transfer.
(i) Risk retention can arise in one of three ways:

• The first is out of ignorance. In other words, the enterprise did not realise the
risk existed until the loss occurred. Aside from putting away funds to cater
for some unknown risk materialising, there is really no way of providing for
risks due to ignorance.
• The second way risks are retained is through inertia. These risks are ones
that the enterprise is aware of and intends to do something about, but the
loss occurs before action is taken. Whilst the reason for this occurring is
different from the first, the effect is the same inasmuch as no provision will
have been made for meeting the cost of the loss.
QUESTION 1.5
What risks can you think of that fall into the inertia category? Jot some down.
• The third, and hopefully in any enterprise the most common way, is planned
risk retention. In this instance the enterprise is aware that risks exist, but the
risks have been analysed and the enterprise has decided it will meet these
risks out of its own funds, which have been developed with this contingency
in mind. (This area will be treated in more detail at a later stage.) Losses that
come under this heading are low in severity but the frequency could be low
or high.
Examples of low severity situations are broken windows, which occur fairly
infrequently and when they do occur the cost involved is quite small. Such
losses would most likely be written off as a maintenance cost. This would be
provided for each year in the enterprise’s maintenance budget.
24
Risk Management
Examples of high severity situations would be motor vehicle losses. The

enterprise could retain all motor vehicle losses or part of them, transferring
the balance to an insurer. Much would depend here on the size of the
enterprise. Because of the high frequency of losses, an enterprise which has
a motor fleet would be able to estimate with reasonable accuracy the level
of losses to which they are exposed, and can then set aside funds to be in a
position to meet those losses. This would involve setting up administration
to handle the losses.
(ii) Risk transfer is the other risk financing technique and can be broken into
two areas:
• Non-insurance
This heading also appears under the control techniques. An example of non-
insurance appearing under the heading of financing techniques would be a
transfer by way of contract. For example, under a lease agreement, the
tenant may be held responsible for all losses in relation to the property
whilst it is being leased to that tenant. Thus, in the event of a loss occurring,
the cost of that loss is passed to the tenant. This aspect will be covered in
detail in a later topic.
QUESTION 1.6
What other situations can you think of that would be classed as transfer by non-insurance
means? Write several down.
• Insurance
This is by far the most common type of risk transfer. It is transfer by way of
contract, except that the contract here is an insurance contract. In other
sections of your course, you will have examined in detail the types of risks,
and the ways in which they can be covered under insurance contracts.
Prior to looking at insurance as the form of risk transfer, a number of
strategies should have been developed and costed. For example, the cost of
implementing loss control techniques will need to have been taken into
account. The fitting of a sprinkler system can have a dramatic effect on the
reduction of potential losses, but at the same time the installation cost of
that system and its ongoing maintenance must also be considered. The
relationship between risk retention and transfer, particularly insurance
transfer, needs to be explored. The most common areas weighed up here
will the range of differing deductible levels on an insurance contract to see
which offers the most economical combination to the body seeking control
of losses. These must be examined by the risk manager to see which
particular level best suits the enterprise.
25
TO P I C 1
4 Choice
Having developed a range of strategies, it is now necessary to choose the
appropriate combination of strategies to make up the risk management
program. This would be done by senior management or the board.
The combination of techniques chosen will be those that provide the most
economical yet most effective combination; that is the combination which is
capable of achieving the desired goals using the least expensive means.
There are many factors that must be taken into account. The principal of these is
financial considerations. All measures to control and finance potential losses are
at some cost. What needs to be considered when evaluating the strategies is
their cost and when the finance will be needed.
For example, in considering an insurance cover the premium may need to be

paid in advance, but with a self-insurance program funds would be needed only
after losses occur. In the interim the funds otherwise paid in premiums would be
available for investment. Alternatively it may mean that an enterprise can delay
obtaining finance, thereby saving on interest. But financial considerations are
not the only ones to be taken into account.
Other considerations include the level of pre- and post-loss objectives of the
enterprise. These objectives are discussed later when you look at the goals of risk
management. There are also the legal, financial and humanitarian aspects to be
taken into account and these temper the purely financial criteria approach.
5 Action
Having decided on the methods or strategies the enterprise intends to follow,
these strategies need to be put into practice.
6 Monitoring
Businesses are continually undergoing changes and the same is true of the pure
losses that are associated with business. To this end it is necessary to continually
monitor the risk strategies or risk program to ensure that it is continuing to fulfil
its purpose. Initially the monitoring is to ensure that the program is operating in
the way intended. Continual monitoring ensures that the program keeps up to
date with the changes that the enterprise is undergoing. These changes may
lead to the creation of new risks and elimination of others; the increase or
decrease of some risks; priorities may change; and some risk treatments
strategies in place may become less effective.
ONLINE READINGS
Please note: the following readings are only available online.
Please read Head 2004, ‘The duality of risk’;

26
Risk Management
Jablonowski 2004, ‘Facing risk in the 21st century’,

Sullivan 2004, ‘Part of the profit: risk management and the bottom line to help understand
the function of risk management’,
Risk management rules

There are three precepts in risk management that are very useful. These are:
1 Do not risk more than you can afford to lose.

2 Do not risk a lot for a little.
3 Consider the odds.
These three rules are invaluable in considering any risk management situation
whether it be a commercial or a private one.
To elaborate a little on each of the rules:

1 Do not risk more than you can afford to lose
The areas that need most attention are those losses that could put the business
out of operation. Finance must be available for these. The approach to providing
for the consequences of risk should be to start with those that, should they
occur, would have the most detrimental effect on the entity. Look to retain only
those risks which are within the means of the entity.
2 Do not risk a lot for a little

With some risks the cost of the loss may be fairly high but the benefit achieved
by being exposed to the risk may be very small. In such a case it is imprudent to
be exposed to high loss for small return. For example, a fire and theft insurance
cover on a motor vehicle with a value of $2000 may be available for $50. The
saving in this case ($50) is probably not worth the potential risk.
3 Consider the odds

Because the probability of loss is low this does not mean that the risk can be
ignored. If the potential cost of the loss is high and its possible effect on the
business is great then provision must be made for the loss. The risk of
earthquake damage in Brisbane would have a very low probability of loss, and
the temptation to ignore making provision for that risk would be great. Many in
Newcastle took that approach, to their regret. There are some risks that are too
remote to consider, such as a meteor hitting Melbourne: it is possible but
because of its very low probability of loss many would not consider providing for
the loss.
27
TO P I C 1
READING
Please read Williams & Heins 1989, ‘Introduction to risk and risk management’. This brings
together the areas that have been considered in this topic and sets the scene for the
succeeding topics.
Review
A number of definitions of risk have been examined with a view to establishing
those areas of risk that are of significance to the risk manager. The risk manager
is concerned with pure risks that are also economic risks. These risks can be
either objective or subjective, depending on the amount of information that we
have about the risk.
The three risk management precepts are:
• Do not risk more than you can afford to lose.

• Do not risk a lot for a little.
• Consider the odds.
We then moved on to consider the place of risk management in the

management function. The success of any risk management program depends
on the support it receives from senior management, for if they are seen to be
actively supporting the program then its chance of success is considerably
enhanced. If they are not, then it is most probably doomed.
In establishing the program, goals need to be set and these goals ideally will
coincide with the company’s own goals.
The risk management department is the facilitator of the risk management

program, and is the catalyst that coordinates the program in large organisations
throughout the various departments in the enterprise to ensure its successful
operation.
In the final section of the topic, the risk management process was discussed. This
initially involved the identification and analysis of risks, followed by the
development of strategies for the handling of those identified risks. Next a
particular combination of strategies that best suit the enterprise was chosen. At
this step senior management or the board decides on a particular set of
strategies from the options developed, implements those strategies and,
importantly, monitors them. Since any business is a dynamic one and as such is
continually changing, the risk management program also needs to be able to
change so that it still suits the needs of the business.
28
Risk Management
Review questions
REVIEW QUESTION
1.1
From the following situations identify:
(a) the types of risks involved; and

(b) which situations should involve the risk manager:
(i) A company purchases a building as part of its investment portfolio.
(ii) A company is looking to diversify its product range into a new area.
(iii) A company is deciding whether to invest in shares in company A or company B.
(iv) A motor mower manufacturer is considering which brand of engine to install in its
mowers. The difference between brands is one of cost only.
(v) A company is determining which retail chain will sell its product.
REVIEW QUESTION
1.2
From the following situations give:
(a) the different classes of pure risk that could arise; and
(b) examples of each.
The information given in each case is brief. It is up to you to think through the possible
loss situations that could arise.
(i) A fire occurs at the premises of Sutton & Co. It was thought that the fire was
started from the negligent burning of an incinerator by an employee of Sutton &
Co.
(ii) Smith & Co. are vehicle repairers. They have been advised that the brakes on a
truck they serviced recently have failed. Details of injury and damage are not
known yet.
(iii) The warehouse of Cozy Co. is located by a large river. The river level rose during
recent storms, flooding the warehouse.
The following are very brief descriptions of enterprises. Indicate the types of pure
losses that could be encountered.
(iv) Bloggs’ Supermarkets is a small chain that operates only in the city of Melbourne.
The company has a staff of 300 and operates 10 stores. These supermarkets are
serviced by one central warehouse.
(v) Deakin University has 32 000 students and operates on four campuses.
(vi) The All Religions church is a large group that operates throughout the country. Its
functions are the same as any major church group which, apart from worship
activities, includes a range of social functions such as refuge shelters, emergency
accommodation, meals for needy people, welfare support and the like.
(vii) Think of the municipal governing body in the shire or city in which you live and
answer the question in relation to that local government authority.
29
TO P I C 1
REVIEW QUESTION
1.3
Bert Johnson is the Risk Manager for New Look Products Ltd. As risk management deals with
pure risks what, if any, interest does Bert have in the company’s speculative risks?
REVIEW QUESTION
1.4
In considering pure risks there was discussion on loss of income resulting from damage to
the property of others. As the income referred to is ‘business profit’, or speculative risk, then
how can this be considered as a source of pure risk?
REVIEW QUESTION
1.5
Briefly describe the six steps in the risk management process.
REVIEW QUESTION
1.6
How can risk management increase business profitability?
REVIEW QUESTION
1.7
Apart from profit increase what other benefits flow from risk management?
REVIEW QUESTION
1.8
List some of the objectives within each of the two major classifications of risk management?
REVIEW QUESTION
1.9
Why would one enterprise choose different objectives from another?
REVIEW QUESTION
1.10
Is survival a reasonable post-event objective? If so, explain.
30
Risk Management
References
Fayol, H. 1949, General Industrial Management, Pitman, New York.
Mehr, R. I. & Hedges, B. 1974, Risk Management: Concepts and Applications, Irwin,
Homewood, Illinois.
Pfeffer, I. 1956, Insurance and Economic Theory, Irwin, Homewood, Illinois.
Further resources
Baranoff, EG 2003, Risk Management and Insurance, Wiley & Co.
Best, R. K. c. 1975, The role of the Australian risk manager, unpublished paper,
pp. 28–34.
Bieber, R. 1991, ‘The making of a risk manager’, Risk, vol. 3, no. 1, Feb., pp. 32–5 and vol. 3,
no. 2, Mar., pp. 32–4.
Bruce, A. J. c. 1975, Risk management information: Collection, allocation, interpretation,
unpublished paper, pp. 146–55.
Carter, R. L. & Dougherty, N. A. 1974, ‘The development and scope of risk management’,
Handbook of Risk Management, Kluwer-Harrap Handbooks, London.
Dorfman, M 2005, Introduction to Risk Management and Insurance, Pearson/Prentice Hall.
Rejda, GE 2004, Principles of Risk Management and Insurance, Addison Wesley.
Trieschmann, J, Sommer, D and Hoyt, R 2005, Risk Management and Insurance, 12th edn.,
Thompson Learning.
Vaughan, EJ and TM 2002, Essentials of Risk Management & Insurance, Wiley & Co.
Viciulus, P. 1991, ‘Concept of risk management’, Risk, vol. 2, no. 7, Dec.–Jan., pp. 40–1.
Weber, H. T. 1990, ‘Implementing a practical risk management program’, Australian Risk
Management, vol. 1, pp. 18–19, 31–2.
31
TO P I C 1
Appendix
Appendix 1.1: Risk management policy statement

The Management of this enterprise is committed to actively managing Risk in all
areas of operations.
The principal objective is to ensure that no one area or combination of areas is

so exposed as to jeopardise the survival of the enterprise.
To achieve this objective Management at all levels will take a proactive stance in
reviewing all aspects of operation to:
• identify risks;
• quantify risks;
• retain risks; and
• transfer risks.
Insurance will be regarded only as a final solution in the risk transfer process to
deal with risks of a catastrophic nature. The negotiation and purchase of
insurance cover to deal with these particular exposures will be through the Risk
and Insurance Department.
Loss control, Safety and Rehabilitation will be the prime responsibility of the
Cost Centre Managers.
Risk Management training will be the responsibility of Group Offices in

association with the Risk and Insurance Department staff.
Reginald Smithers
Managing Director
32
Risk Management
Suggested answers
Questions
QUESTION 1.2
(a), (c) and (e) are all examples of risks. The occurrence of such incidents can be
calculated mathematically. In (b) and (d) the changes cannot be predicted as
they are the result of government decisions—some direct, others indirect.
QUESTION 1.5
Some examples include a company purchasing a car but not arranging
insurance immediately, or taking on a new employee without arranging workers
compensation cover.
QUESTION 1.6
Two examples of risk transfer by non-insurance means are:
(a) Building contracts in which the builder undertakes to indemnify the

principal for all liability that the principal may incur arising out of matters
relating to the contract.
(b) A car parking station where a sign informs you that you park at your own
risk.
Review questions
REVIEW QUESTION
1.1
(i) (a) Pure risk—Damage to building.
Speculative—So far as the value of the investment is concerned.
(b) The risk manager should be involved but only in relation to the cost of
pure risk associated with the building.
(ii) (a) Pure risk—Damage or injury arising out of the product.

Speculative—Investment in the new product range.
(b) The risk manager needs to advise on the pure risk potential arising out
of the product.
(iii) This is a speculative risk only.
33
TO P I C 1
(iv) This is a speculative risk only.
(v) This is a speculative risk only.
REVIEW QUESTION
1.2
(i) Property—Damage to building and contents.
Liability—Liability for damage to surrounding property, employees.
Personnel—Injury to employees.
Financial—Loss of income due to the interruption of the business.
(ii) Property—Damage to the vehicle.

Liability—Liability for damage caused by the vehicle including income loss.
Personnel—None apparent.
Financial—None apparent.
(iii) Property—Damage to building and contents caused by the flooding.

Liability—Property of others stored. Depending on storage conditions there
may be a legal liability for damage to property.
Personnel—Staff at the warehouse.
Financial—None apparent.
(iv) Property—Damage to building and contents from a range of perils.

Liability—Arising out of premises, products and acts of employees.
Personnel—Injury to employees
Financial—Loss of income through business interruption. Loss by theft or
dishonesty.
(v) Property—Damage to building and contents from a range of perils.

Liability—Arising out of premises, products and acts of employees as well as
professional liability.
Financial—Loss of income through business interruption. Loss by theft or
dishonesty.
(vi) Property—Damage to building and contents from a range of perils in

church halls for example as well as premises they may be renting.
Liability—Arising out of premises, food provided and advice given.
34
Risk Management
Financial—Loss of income through loss of records in a fire or due to some

other peril. Without records they are limited in their collections. Loss by theft
or dishonesty.
(vii) Property—Damage to building and contents from a range of perils.

Liability—Arising out of premises, acts of employees as well as professional
liability. Liability for streets and footpaths.
Financial—Loss of revenue through business interruption. Loss of records
may curtail the collection of the rates.
REVIEW QUESTION
1.3
Bert is interested in speculative risk decisions to the extent that they also involve
pure risks. For example Bert’s enterprise buys a building as an investment. The
investment aspect of the transaction is a speculative risk. With the ownership of
that building comes some pure risks. The building can burn down or can be
exposed to other risks of loss or damage all of which are pure risks. Bert needs to
be involved in providing for these. In deciding on the investment Bert should
have input to the extent that he can advise on the cost of pure risk associated
with the investment. This cost can be taken into account when the enterprise is
calculating its expected return on the investment. In any business situation pure
risks are invariable tied in with speculative risks.
REVIEW QUESTION
1.4
In this case the speculative risk of the party suffering the damage is a pure risk to
the enterprise.
The operation of a business enterprise is a speculative risk. By a negligent or

similar act a person causes injury to the other business and then there is a legal
liability to make good that loss. It does not matter if that loss is damage to
property or interruption to the business that results in loss of income. It is a legal
liability to the enterprise and therefore a pure risk. Whether it is a pure or
speculative risk depends on the viewpoint of the person looking at the risk.
REVIEW QUESTION
1.5
The five steps in the risk management process can be memorised with the
mnemonic CIDCAM which stands for:
Context Understand your company and the environment which it

operates within. Know the key stakeholders and be familiar
with the company’s goals and objectives.
Identify In this step you identify all the risks that exist.
35
TO P I C 1
Develop At this point a range of strategies is developed to handle the

risks. More than one strategy may relate to each risk.
Choose Choose the combination of strategies that you wish to use to
handle the risks. The ultimate decision would be made at a
senior management level based on reports recommending the
desired approach.
Act Having decided on the course, act to implement that strategy.
Monitor Once the program is under way it needs to be continually
monitored to ensure that it is doing the job that was intended.
REVIEW QUESTION
1.6
By producing the most economical means of managing risk, expenses are
reduced and therefore profits are increased. Using a formal approach means that
all areas are looked at, the full range of control and financing measures are
considered and a program is developed which ensures the most economical and
beneficial approach to the enterprise.
REVIEW QUESTION
1.7
Other benefits that can flow from risk management are:
• A better relationship with customers, suppliers, employees and creditors, in

that they see the enterprise as a reliable, consistent and dependable one.
Insurance costs, in the long-term, would also be reduced.
REVIEW QUESTION
1.8
As discussed in the Study Guide these objectives fall into two areas:—pre-event
and post-event. Pre-event applies if no loss occurs. Risk management achieves
the following goals:
• economy in the handling of the risk management program;

• reduces anxiety on the part of the enterprise because there is a program in
place;
• ensures that external responsibilities are met; and
• ensures that social responsibilities to employees and to the community at
large are met.
If a loss does occur, then one must refer to that range of objectives which have
already been determined in advance to meet this situation. These options were
discussed in detail in the Study Guide and you should review them. They range
from survival to continued growth and social responsibility.
36
Risk Management
REVIEW QUESTION
1.9
With the post-event objectives, different firms will have different expectations.
Some may not be able to afford the cost of the higher objectives. Others,
because of different attitudes towards risk, may be prepared to accept a lower
objective and release the extra funds needed to attain higher levels in
speculative areas of the business.
REVIEW QUESTION
1.10
If survival is all that is sought, so long as all outcomes have been thought
through, then that is a reasonable post-loss objective. It would suggest that the
principals are high risk takers as selecting survival would make regaining the
market very difficult.
37

Topic 1

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Topic 1

Загружено:

Авторское право:

Доступные форматы

TOPIC 1

The concept of risk management

The concept of risk management 3

Classification of pure risks 8

Management of risk in business 11

The objectives of risk management 17

The risk management process 22

Risk management rules 27

Appendix 1.1: Risk management policy statement 32

• distinguish between risk and uncertainty;

The concept of risk management

What is risk management? How did it evolve?

The development of risk management is part of a more general development of

Risk management embodies a comprehensive strategy towards risks. As a

Let us expand on these methods.

(a) motor vehicle accidents

Pure risks and speculative risks

Objective risks and subjective risks

Statisticians may express objective risk in terms of statistical error in sampling

embarking on an adventure of any type. Subjective risk therefore is an

Economic and non–economic risks

Classification of pure risks

In addition to the physical destruction or loss of property, losses may occur

In considering potential partial losses of property, it must be borne in mind that

(i) destruction, loss, damage or theft of tangible assets

(b) Business interruption

In summary, risk management is a division of the broader branch of

Management of risk in business

The management of risk today is becoming increasingly difficult. All

This scenario is one example of the pressures being put on management,

The importance of risk management is evidenced by the fact that Standards

Risk Management standard AS/NZS 4360:2004

It sees risk management as an integral part of good management practice and,

The standard defines risk and risk management respectively as:

Responsibility is clearly put on management. The standard requires

• a risk management system is implemented in accordance with the

The standard also requires management to provide adequate resources to

The standard requires a periodic review of the system by management.

Risk management as part of the management function

Risk management involves all these activities. Fayol, in his writings on

Fayol’s security function we refer to today as risk management, although it has

• Accounting department—segregation of duties and through the use of

The risk management department and its manager

The makeup of a risk management department will vary considerably according

The medium department would probably add an insurance manager as well as

In a large department the risk manager would concentrate more on

The responsibilities of the department would include:

• identification, analysis, measuring and handling of risks;

The risk management program

financially is an excellent way of putting the case. An investigation in an

Figure 1.1 XYZ Pty Ltd workers compensation losses 2004–2013

The upper portion of the first column—developed losses—shows the expected

The future year estimates—2010–2013—continue the increasing trend. Armed

Each of these points is worth examining in more detail.

The objectives of risk management

3 Meeting externally imposed obligations

The policy statement

The value of risk management

By using risk management it is possible for a business to achieve some preferred

Risk management contributes indirectly to profits in various ways.

Proper risk management produces more profitable decisions by forcing financial

Impact of risk management on insurers