Risk management process refers to a series of steps that must be accomplished in managing risks. They includes; Determination of objectives, Identification of risks, Evaluation of risks, considering alternatives and selecting the risk treatment device, implementing decisions, evaluation and Review
Determination of Objectives
The objectives of a risk management program must be determined initially i.e. deciding precisely what the organization would like the risk management to do.
Risk management has a variety of objectives that can be classified into two;
- Pre-loss objectives
- Post-loss objectives
This will include economy, reduction of anxiety, and meeting externally imposed obligations and social responsibility
This will include survival, continuity of operations, earning stability, continued growth and social responsibility. Other scholars have advocated that the objective of risk management is similar to the ultimate goal of other functions of the business, which is to maximize value of the organization.
The limitation to the value maximization objective is that it is only relevant to business entities and not relevant to the organization such as the government and non-governmental organization.
Some scholars have argued that the main objective of risk management is survival, in order to guarantee the continued existence of the organization or preserve the operating effectiveness of the organization.
This objective of survival will ensure that the organization is not prevented from achieving its objectives losses that may occur out of pure risk.
Because one cannot know those losses will occur or the amounts of such losses, arrangements to guarantee fee survival must reflect the worst possible combination of outputs.
Before risk management can be done, the risks that face the organization must be identified. This is the most difficult step because it is a continuous process as well as it is difficult to establish when risk identification has been done completely and exhaustively.
It is difficult to generalize about the risks that face the organization hence the need for a systematic approach to risk identification.
In risk identification we ask the question, how can the assets or earning capacity of the enterprise be threatened? The objective being to identify all risks facing the organization not limited to insurable or those experienced in the past. For risk identification to be successful there must be two essentials;
- The task of risk identification must be someone’s job. This is because everybody’s responsibility is nobody’s responsibility e.g. having a risk manager or someone’s job description includes risk identification. Good management on its own is not enough to identify risk, it must be someone’s job.
- The tools of risk identification must be available to the person to identify risk.
The techniques and tools of risk identification include;
Gaining thorough knowledge of the organization and its operations way of interviews and outside the organization as well as examining the internal records and documents.
Analysis of documents
The purpose of this is to discover trends. The documents to be analyzed include; financial statements, contracts, inventory records, valuation reports e.t.c.
The flow charts
The flow chart of an organization’s internal operations will view the organization as a process and therefore seek to discover all contingencies (Unexpected liabilities) that could interrupt the processes involved e.g. damage to key assets of the organization, loss of key staff through death, incapacitation or resignation.
Risk Analysis questionnaires
These are also referred to risk tact tenders and assist in identifying risks pausing a series of questions whose answers will indicate whether hazardous conditions exist e.g. does KSPS have flammable substances within the premises, does the college have fire extinguishers that are in operational order etc.
Exposure Check list
This refers to a list of common exposures where aim is to reduce chances of commissions and oversight some of which can be serious.
Insurance Policy checklists
These are checklists available from insurance companies and publishers of insurance material that indicate the variety of policies that exist to cover risks.
Export computer systems
Such systems incorporate the features of risks analyze questionnaires, exposure checklists and insurance policy checklists in one system.
Other Internal Records:
In addition to the Financial Statements there are other internal documents that can be used to identify loss. These include; corporate laws, annual reports, minutes of board and directors meetings, organization chart, policy manual, contracts such as leases and rental agreement, purchase orders etc.
On Site Inspection:
Involves visiting various locations and departments where assets are located. Just as one picture is worth a thousand words, one inspection tour may be worth a thousand checklists.
This specifies who bears the loss in case it happens e.g. in sales contract, you may be given a warrant.
Statistical Analysis of Past Losses:
This is done simulating the chance of occurring using data generated a computer based on past events. Example; In motor vehicle industry (Matatu) accidents occurs mostly during holidays (Easter, Xmas etc.) due to either overloading or over speeding.
Studying organizational chart: Studying organizational chart could help the company identify exposure to pure loss through loss of key personnel. Example is the case of a very expensive machine critical to a manufacturing process which can only be operated one employee. This unfortunate state of affair could be identified through scrutiny of the organizational chart.
Forecasting : The organization can identify its pure loss exposure through forecasting of expected income under normal circumstances and an estimation of post loss income .The difference is the loss
Valuation of property: Knowledge of replacement values can help the risk manager to estimate the exposure to pure loss. Risk managers should keep current price and source list for their properties.
Evaluating risks and considering alternatives
Once risks have been identified, the risk manager must evaluate them ranking them in terms of importance (prioritization).
There is need to consider the approaches that might be used to deal with risk and then select the technique appropriate to deal with the identified risk. During this stage, the risk manager is primarily concerned with deciding on which of the techniques available is appropriate.
In deciding which of the available techniques should be used, the risk manager should consider:
- The size of potential loss.
- The probability of potential loss
- Resources available to meet the loss should it occur.
- The cost and benefits of each of the techniques to be adopted.
Implementation, evaluation and review
At this stage of the risk management process, a decision is made and implemented in the organization such that if the decision is loss prevention, then a loss prevention program must be designed and executed. If the decision is risk transfer through insurance, then the selection of the insurer negotiation and placement is made. If the decision is to retain risk, reserve funds must be accumulated in order to meet losses should they occur.
Evaluations and Review
There is need to evaluate and review the whole process due to the new changes that may occur and new risks that arise. Hence, the technique that was appropriate in previous periods may no longer be applicable in the current year.
Evaluation and review is important as it enables the risk manager to review decisions made and detect mistakes before they become costly. Review can be done repeating the steps of the risk management process to determine whether past decisions were proper in the light of existing conditions.
Risk management Problems
Many of the challenges faced risk managers are often similar to those faced other managers. However, a number of key characteristics will tend to distinguish risk management problems and they include the following:
- Time horizon
- Measurement of costs and benefits
- Credibility of data
- Possible uncertainties
- Possible externalities
- Independent exposures
The evaluation of risk control efforts usually require long term view even up to 20 years in order to evaluate company’s risk management projects that require capital investment. Also, risk financing consideration companies will require a long-term horizon for example decisions regarding medical insurance schemes will be adopted a company as opposed to a company where a fixed medical allowance is granted to all employees or where medical bills are refunded upon production of genuine receipts.
Measuring costs and benefits
A good feature of a successful RM is where there’s absence of unpleasant surprises. When a risk manager prevents or reduces losses and benefits accruing to the company, they may not want to be faced with losses that they are not compensated. Some may be difficult to measure, hence the need to install safety devices, to prevent such un-contemplated risks.
Credibility of data
The justification of risk management efforts will often rely on the data developed from past experience, hence environmental change and the nature of the organization can make data obsolete for decision making purposes.
The prediction of future outcomes in order to make current decisions is often a risky task and can only be done use of probabilities.
Recognition of externalities
Externalities are economic costs that are not captured in the price of a product. They represent market failure to the extent that the market pricing systems fail to capture or predict production costs.
For example, when pricing and costing items in a factory, the pollution caused the factory may not be factored unless the factory is under duty to clean up such pollution.
Identification of Inter-dependence:
Inter dependent exposures are present when a single peril can cause more than one loss. Possible interdependence is of critical importance to a risk manager. For example, a natural calamity can trigger more than one loss such as property destruction; death etc yet such peril may not be insurable.