We have throughout portrayed risk as having a negative effect e.g. great steps in medical fields have been achieved at the personal risk of those researchers prepared to test drugs and treatment; risk is also at the every heart of any free market economy i.e. it enables wealth to be created. In summary therefore risk can be negative or positive and the challenge to us is to manage the risk to which a business is exposed. This has led to the evolution of the discipline of risk management – which is the identification analysis and economic control of those risks which threaten the assets or earning capacity of an enterprise. From the foregoing definition, the following stand out:-
- Risks must be identified before they can be measured
- The eventual control mechanism must be economic i.e. you spend less to forestall bigger losses
- Risks can affect assets or earning capacity and the assets can be both physical and human
- The principles of risk management are applicable to service, manufacturing, public or private sectors of the economy and hence the use of the word enterprise.
It has also been defined as the logical development and carrying out of a plan to deal with potential losses. The purpose of risk management program is to manage an organizations exposure to loss and to protect its assets
It is the human activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources. Risk Management involves:
- Identifying and measuring potential risk.
- Develop and execute a plan to manage this potential losses
- Continuous review of the plan after it has been put into operation.
Nature of risk management
Buying of insurance was the traditional role of risk management and was the key function of risk managers. A part from purchasing insurance, other functions of a risk manager are:
- Assists the organization identify the risk
- Implement a loss prevention and control programmes
- Review contracts and documents for risk prevention and management purpose
- Provide training and education on safety related issues
- To ensure compliance with laws and government regulation. This will involve monitoring changes in the laws and implementation requirements from various stake holders
- Claims management and working with legal representatives to manage litigation risks.
- Designing and co-coordinating employee benefit programmes, including retirement packages
- Currency hedging i.e protects the organization from adverse affects arising due to fluctuations of currency. The risk manager can recommend the purchase of a stable currency or money equivalent in an effort to protect the organization.
- Government lobbying – Where the risk manager constantly interacts with influential persons in an effort to ensure that government policies do not adversely affect the company.
- Advice on company restructuring including acquisition and mergers even disposals. The purpose will be to avoid diverse effects of the restructuring from affecting the company Public relation.
Principles of risk management:
- Risk management should create value.
- Risk management should be an integral part of organizational processes.
- Risk management should be part of decision making.
- Risk management should explicitly address uncertainty.
- Risk management should be systematic and structured.
- Risk management should be based on the best available information.
- Risk management should be tailored.
- Risk management should take into account human factors.
- Risk management should be transparent and inclusive.
- Risk management should be dynamic, iterative and responsive to change.
- Risk management should be capable of continual improvement and enhancement.
Risk Management Policy
Is an organization’s written statement that sets out its approach to risk management. Its objective is to safeguard the organization’s property, interest and certain interest of employees during the conduct of business.
Benefits of risk management policy statement.
- It enables the organization to survive incase of emergency situation i.e. a policy that document measures to be taken incase of fire out break may save the organization from suffering severe losses when such occur.
- Reassures staff, stakeholders and governing body in business of the organization going concern capacity. This could give the insurance a hedge over its competitors.
- Support Strategic and Business Planning. A risk Management policy statement would support an efficient development of business plan the organization since it avails information on how to cater for potential risks.
- Enhances communication between production, sales, marketing and Administration department.
- Improves the organization’s ability to meet objectives and achieve opportunities.
- It encourages organization to take activities that have a high level of risk because risk can be identified and are well managed, so that the exposure to risk is both understood and acceptable.
- It ensures survival and growth of the business even after making losses.
- It leads to minimization/prevention of losses which occurs due to unstructured procedures.
- Enables quick assessment and gasp of new technology.
- Supports the effective use of resources.
- Promotes continuous improvement.
- Well prepared risk management policy makes the company socially responsible towards its environment, employees, suppliers, customers, and the communities in which it Operates
- Well prepared risk management policy assures the firm of stability of earnings.
Risk management strategies (tools)
Risk, at the general level, involves two major elements: the occurrence probability of an adverse event and the consequences of the event. Risk estimation, consequent-ly, is an estimation process, starting from the occurrence probability and ending at the consequence values.
Risk evaluation is a complex process of developing acceptable levels of risk to individuals, groups, or the society as a whole. It involves the related processes of risk acceptance and risk aversion.
Risk acceptance implies that a risk taker is willing to accept some risks to obtain a gain or benefit, if the risk cannot possibly be avoided or controlled. The acceptance level is a reference level against which a risk is determined and then compared. If the determined risk level is below the acceptance level, the risk is deemed acceptable. If it is deemed unacceptable and avoidable, steps may be taken to control the risk or the activity should be ceased. The perception and the acceptance of risks vary with the nature of the risks and depend upon many underlying factors. The risk may involve a “dread” hazard or a common hazard, be encountered occupationally or non-occupationally, have immediate or delayed effects and may effect average or especially sensitive people or systems.
Risk aversion is the control action, taken to avoid or eliminate the risk, regulate or modify the activities to reduce the magnitude and/or frequency of adverse affects, reduce the vulnerability of exposed persons, property or in this case urban systems, develop and implement mitigation and recovery procedures, and institute loss-reimbursement and loss-distribution schemes.
Risk Management Strategies include the following:
Risk Avoidance is just that, avoiding the risk associated with a specific task, activity or project. Often, following the review of a contract, it is determined that a project is just too risky. The client may decide not to bid the work at all, or remove that element of the work from their bid, sometimes using an alternate deduct to delineate the exclusion. Risk avoidance is strictly a business decision, and sometimes a very good strategy if construction documents are unclear, ambiguous or incomplete.
Risk Abatement is the process of combining loss prevention or loss control to minimize a risk. This risk management strategy serves to reduce the loss potential and decrease the frequency or severity of the loss. Risk abatement is preferably used in conjunction with other risk management strategies, since using this risk management method alone will not totally eliminate the risk.
Risk Retention is a good strategy only when it is impossible to transfer the risk. Or, based on an evaluation of the economic loss exposure, it is determined that the diminutive value placed on the risk can be safely absorbed. Another consideration in retaining a risk is when the probability of loss is so high that to transfer the risk, it would cost almost as much as the cost of the worst loss that could ever occur, i.e., if there is a high probability of loss, it may be best to retain the risk in lieu of transferring it.
Risk Transfer is the shifting of the risk burden from one party to another. This can be done several ways, but is usually done through conventional insurance as a risk transfer mechanism, and through the use of contract indemnification provisions.
Risk Allocation is the sharing of the risk burden with other parties. This is usually based on a business decision when a client realizes that the cost of doing a project is too large and needs to spread the economic risk with another firm. Also, when a client lacks a specific competency that is a requirement of the contract, e.g., design capability for a design-build project. A typical example of using a risk allocation strategy is in the formation of a joint venture.
This is a strategy that focuses on minimizing the risk of loss to which an organization is exposed. Techniques used are avoidance and risk reduction.
Risk avoidance – this occurs when decisions are made that prevent risks from coming into existence in the first place, example an organization can avoid risks deciding not to engage in activities which it considers high risk e.g manufacture of explosives or poisonous substances.
Risk avoidance should only be used where exposure to risk is catastrophic and the risk cannot be transferred or reduced. Risk avoidance is a negative approach for managing risks because the advancement of personal and economic progress requires risk taking and if risk avoidance is used extensively the organization is unlikely to achieve its primary objectives.
Risk reduction- Risk reduction consists of all techniques that are designed to reduce the likelihood of loss or the potential severity (impact) of such losses should they occur.
Effort to reduce the likelihood of loss are referred to as loss prevention, while effort to reduce the severity of loss are referred to as loss control
Consideration of risk reduction
- Reduction of like hood of loss can be done through putting up signs such as no smoking sign on a petrol station or installing protective devices around machinery to reduce the number of injuries to employees. This will reduce frequency of loss or their probability.
- Reduction of severity of impact of loss. These can be done or demonstrated installing sprinkler or five extinguished or separation and dispersions of the company assets to different location in an effort to salvage company assets in case of loss.
- Engineering approach to loss prevention. This approach focuses on removal of hazard. It focuses on system analysis and mechanical unavoidable e.g air bugs can boost safety belts in vehicles.
- Human behavior approach on loss prevention. This approach focuses on the elimination of unsafe acts the person. This approach is based on the fact that most accidents are as a result of human failure e.g. alcohol and drug consumption fatigue among others.
- Timing of risk reduction measures Such measures may be designed for prior to the loss event, during the loss event and after the loss events. Measures prior to loss include:
- Training of personnel – measures before
- Measures during five; five:
- Fastening seat belts
Measures after the event may be:
- Rush victim to hospital
- Offer first aid
These concentrate on availing the funds to meet the losses arising from risks that remain after the application of risk control technique of measure. Risk financing include:
- Risk retention
- Risk acceptance
Risk retention/ acceptance/ self insurance
This is the most common method of dealing with risks whereorganization and individual face unlimited number of risks most of which nothing can be done about.
Risk retention can either be conscious (intentional) or unconscious (unintentional). It can also be voluntary or involuntary and even be funded or unfounded. When nothing can be done about the particular exposure then the risk is retained. It is in last resort on risk management strategy wherethe risk cannot be avoided, reduced or transferred. The self-assumption of risk consists of waiting for the event to happen with no effort to any financial provision in advance for the occurrence of risk. In some instances the individual subjected to the risk may provide some amount in advance to cover for the anticipated financial consequences of the risk normally referred to as self-insurance.
The major disadvantage of using insurance reserve is that:
- The amount set aside may be more or less at the time when the risk occurs.
- A loss may occur before the fund is sufficient to meet the risk
- There are chances that this fund may be mismanaged or may be misused the firm
Self-assurance is normally possible where there is a large number of risks and more of them have a large number of value. These objects are distributed such that the possibility of the risk occurring to all of them at the same time is minimal. As a general rule, the risks that are retained are those that need small losses.
Classes of risk retention
- Unintentional risk – It occurs when a risk is not recognized so that an individual or organization may unknowingly or unwillingly retain the risk of loss.
- Voluntary retention – Results from a decision to retain risk rather than avoid or transfer that risk. Sometimes voluntary retention will occur when a risk manager purchases insurance that does not cover fully the risk exposure.
- Involuntary retention – occurs when it’s not possible to avoid or reduce or transfer an exposure to an insurance company.
NB Voluntary retention occurs when its not possible to transfer, refer or avoid risks of loss e.g. death or earthquake.
- Funded Retention – This is where an organization sets side assets that are held in liquid or semi-liquid. To cater for the risk of loss. Such risks are visually accepted or retained the entity.
- Unfunded retention – Is a case where there are no budgeted allocations to meet uninsured losses.
If retention is used, the risk manager must have some established methods of paying for losses. This may include;
- Paying losses out of its current net income
- Funded or unfounded reserve.
- Borrow the necessary funds from a bank.
- A captive insurer can also be used to pay losses.
A captive insurer is an insurer established and owned a parent firm for the purpose of insuring the parent firm’s loss exposures. If the captive is owned only one parent, such as a corporation, it is known as a pure captive. If it is owned a sponsoring organization, such as a trade association, it is called an association or group captive.
Advantages of retention
- Saves money-The firm can save money in the long run if its actual losses are less than the loss allowance in the insurer’s premium.
- Lower expenses- The services provided the insurer can be provided the firm at a lower cost.
- Encourage loss prevention-Since the exposure is retained; there may be greater incentives for loss prevention.
- Increase cash flow- Cash flow may be increased, since the firm can use funds that normally would be held the insurer.
- Possible higher losses-The losses retained the firm may be greater than the loss allowance in the insurance premium.
- Possible higher expense- Expenses may actually be higher
- Possible higher taxes- Income taxes may also be higher as the premiums paid to the insurer are income tax deductibles.
Risk Transfer is the shifting of the risk burden from one party to another. This can be done several ways, There are various methods of transferring risks:
- Through purchase of insurance. Wherein consideration of a specific payment (premium) one party, the second party contracts to indemnity the first party against specified loss that may or may not occur up to a certain limit.
- Subcontracting whereif an employee accepts work which they are not fully competent without the assistance of others, they can subcontract the extra work. Extra work would involve specialist work which that employee lacks the knowledge to handle; or which would involve excessive amount of work beyond the capability of that employee.
- Through the use of contract indemnification provisions
- Leasing and renting
Rules in Risk Management
The following are the guidelines:
- Do not risk more than you can afford to risk. This does not tell us what needs to be done about a given risk but informs the individual or the company not to risk more than it can afford to retain. For instance, if the risk can result in bankruptcy, then retention is not the most appropriate method of managing the risk. The ability of a company to retain a particular risk is complicated and varies from one company to another and depends on company cash flow, liquidity position gearing level. The rule gives guideline as to which risks should never be retained that is those that are catastrophic.
- Consider the odds. If the individual can determine or predict the probability that a loss will occur then he/she is in a better position to deal with that risk than when he did not have such information. High, medium and low probability of risk enables the manager to determine which method of risk management to use.
- Do not risk a lot for a little. The risk should not be retained when possible risk is large relative to the premium saved through retention and vise versa. This rule requires that the risk manager analyses the cost benefit of the risk when selecting the appropriate method of handing the risk.
Risk Management Process
This refers to a series of steps that must be accomplished in managing risks. They include the following;
- Determination of objectives
- Identification of risks
- Evaluation of risks
- Considering alternatives and selecting the risk treatment device.
- Implementing decisions
- Evaluation and Review
Determination of objectives
The objectives of a risk management program must be determined initially i.e. deciding precisely what the organization would like the risk management to do.
Risk management has a variety of objectives that can be classified into two;
- Pre-loss objectives
- Post-loss objectives
This will include economy, reduction of anxiety, and meeting externally imposed obligations and social responsibility
This will include survival, continuity of operations, earning stability, continued growth and social responsibility. Other scholars have advocated that the objective of risk management is similar to the ultimate goal of other functions of the business, which is to maximize value of the organization.
The limitation to the value maximization objective is that it is only relevant to business entities and not relevant to the organization such as the government and non-governmental organization.
Some scholars have argued that the main objective of risk management is survival, in order to guarantee the continued existence of the organization or preserve the operating effectiveness of the organization.
This objective of survival will ensure that the organization is not prevented from achieving its objectives losses that may occur out of pure risk.
Because one cannot know those losses will occur or the amounts of such losses, arrangements to guarantee fee survival must reflect the worst possible combination of outputs.
Before risk management can be done, the risks that face the organization must be identified. This is the most difficult step because it is a continuous process as well as it is difficult to establish when risk identification has been done completely and exhaustively.
It is difficult to generalize about the risks that face the organization hence the need for a systematic approach to risk identification.
In risk identification we ask the question, how can the assets or earning capacity of the enterprise be threatened? The objective being to identify all risks facing the organization not limited to insurable or those experienced in the past. For risk identification to be successful there must be two essentials;
- The task of risk identification must be someone’s job. This is because everybody’s responsibility is nobody’s responsibility e.g. having a risk manager or someone’s job description includes risk identification. Good management on its own is not enough to identify risk, it must be someone’s job.
- The tools of risk identification must be available to the person to identify risk.
The techniques and tools of risk identification include;
Gaining thorough knowledge of the organization and its operations way of interviews and outside the organization as well as examining the internal records and documents.
Analysis of documents
The purpose of this is to discover trends. The documents to be analyzed include; financial statements, contracts, inventory records, valuation reports e.t.c.
The flow charts
The flow chart of an organization’s internal operations will view the organization as a process and therefore seek to discover all contingencies (Unexpected liabilities) that could interrupt the processes involved e.g. damage to key assets of the organization, loss of key staff through death, incapacitation or resignation.
Internal communication system
This is in order to assist the risk manager identify new risks especially from new developments.
Risk Analysis questionnaires
These are also referred to risk tact tenders and assist in identifying risks pausing a series of questions whose answers will indicate whether hazardous conditions exist e.g. does KSPS have flammable substances within the premises, does the college have fire extinguishers that are in operational order etc.
Exposure Check list
This refers to a list of common exposures where aim is to reduce chances of commissions and oversight some of which can be serious.
Insurance Policy checklists
These are checklists available from insurance companies and publishers of insurance material that indicate the variety of policies that exist to cover risks.
Export computer systems
Such systems incorporate the features of risks analyze questionnaires, exposure checklists and insurance policy checklists in one system.
Other Internal Records:
In addition to the Financial Statements there are other internal documents that can be used to identify loss. These include; corporate laws, annual reports, minutes of board and directors meetings, organization chart, policy manual, contracts such as leases and rental agreement, purchase orders etc.
On Site Inspection:
Involves visiting various locations and departments where assets are located. Just as one picture is worth a thousand words, one inspection tour may be worth a thousand checklists.
This specifies who bears the loss incase it happens e.g. in sales contract, you may be given a warrant.
Statistical Analysis of Past Losses:
This is done simulating the chance of occurring using data generated a computer based on past events. Example; In motor vehicle industry (Matatu) accidents occurs mostly during holidays (Easter, Xmas etc.) due to either overloading or over speeding.
- Studying organizational chart: Studying organizational chart could help the company identify exposure to pure loss through loss of key personnel. Example is the case of a very expensive machine critical to a manufacturing process which can only be operated one employee. This unfortunate state of affair could be identified through scrutiny of the organizational chart.
- Forecasting :The organization can identify its pure loss exposure through forecasting of expected income under normal circumstances and an estimation of post loss income .The difference is the loss
- Valuation of property: Knowledge of replacement values can help the risk manager to estimate the exposure to pure loss. Risk managers should keep current price and source list for their properties.
Evaluating Risks/Ranking risks/Prioritization
Once risks have been identified, the risk manager must evaluate them ranking them in terms of importance (prioritization).
Considering alternatives and selecting the risk treatment device.
There is need to consider the approaches that might be used to deal with risk and then select the technique appropriate to deal with the identified risk. During this stage, the risk manager is primarily concerned with deciding on which of the techniques available is appropriate.
In deciding which of the available techniques should be used, the risk manager should consider:
- The size of potential loss.
- The probability of potential loss
- Resources available to meet the loss should it occur.
- The cost and benefits of each of the techniques to be adopted.
Implementation of decisions
At this stage of the risk management process, a decision is made and implemented in the organization such that if the decision is loss prevention, then a loss prevention program must be designed and executed. If the decision is risk transfer through insurance, then the selection of the insurer negotiation and placement is made. If the decision is to retain risk, reserve funds must be accumulated in order to meet losses should they occur.
Evaluations and Review
There is need to evaluate and review the whole process due to the new changes that may occur and new risks that arise. Hence, the technique that was appropriate in previous periods may no longer be applicable in the current year.
Evaluation and review is important as it enables the risk manager to review decisions made and detect mistakes before they become costly. Review can be done repeating the steps of the risk management process to determine whether past decisions were proper in the light of existing conditions.
Risk Management Problems
Many of the challenges faced risk managers are often similar to those faced other managers. However, a number of key characteristics will tend to distinguish risk management problems and they include the following:
- Time horizon
- Measurement of costs and benefits
- Credibility of data
- Possible uncertainties
- Possible externalities
- Independent exposures
The evaluation of risk control efforts usually require long term view even up to 20 years in order to evaluate company’s risk management projects that require capital investment. Also, risk financing consideration companies will require a long-term horizon for example decisions regarding medical insurance schemes will be adopted a company as opposed to a company where a fixed medical allowance is granted to all employees or where medical bills are refunded upon production of genuine receipts.
Measuring costs and benefits
A good feature of a successful RM is where there’s absence of unpleasant surprises. When a risk manager prevents or reduces losses and benefits accruing to the company, they may not want to be faced with losses that they are not compensated. Some may be difficult to measure, hence the need to install safety devices, to prevent such un-contemplated risks.
Credibility of data
The justification of risk management efforts will often rely on the data developed from past experience, hence environmental change and the nature of the organization can make data obsolete for decision making purposes.
The prediction of future outcomes in order to make current decisions is often a risky task and can only be done use of probabilities.
Recognition of externalities
Externalities are economic costs that are not captured in the price of a product. They represent market failure to the extent that the market pricing systems fail to capture or predict production costs.
For example, when pricing and costing items in a factory, the pollution caused the factory may not be factored unless the factory is under duty to clean up such pollution.
Identification of Inter-dependence:
Inter dependent exposures are present when a single peril can cause more than one loss. Possible interdependence is of critical importance to a risk manager. For example, a natural calamity can trigger more than one loss such as property destruction; death etc yet such peril may not be insurable.
Risk Management evaluation techniques
Risk management can be measured using:
- Standard deviation
- Co-relation co-efficient