Risk management involves a formal decision making process. The
goal of this process is to reduce or eliminate the chance of economic
loss from static risks. The development of the risk management
approach has led to the formation of basic principles and concepts to
use in the process. The person who undertakes the establishment of
the program is called a risk manager.
Developing a Risk Management Program.
Risk Management programs can be used by commercial
organization or by an individual or family, An effective risk
management program involves identifying the risks, considering
alternative techniques, selecting the best technique, implementing
the program and evaluating the results. The evaluation is needed to
determine if the program is working or needs to be revised.
Identifying the risks. — Here the risk manager has to seek out
and assemble information about the organization and its various
exposures to loss. Initially this can be a lengthy process as it
involves collecting considerable date about the organization not only
current but past and future expected activities.
Information review. — It is important for the risk manager to
determine the various factors involved in the organization. There are
three questions to be answered.
“Who are we?” — Information is needed on the history of the
company, its various entities, ownership, officers, directors and
management. For many organizations it is necessary and important
to consider past, present and potential future loss exposures. As an
example actions or activities by a predecessor company or official
could cause litigation to occur today. It is particularly important toreview all mergers and acquisitions even if a unit may no longer be part of the organization.
“Where are we?” — Next the risk manager must determine the
locations of all real estate and personal property. Again, past,
present and future locations should be reviewed. There are some
federal and state regulations today that can hold a current or even a
former owner of property responsible under the regulation for prior
“What are we?” — Finally the risk manager considers the various
operations and products of the organization past, present and future.
Current operations and products should be able to be easily
reviewed. The risk management concerns for future activities and
products should be considered company wide. It is necessary to
review earlier and former operations and products as well. For
example a product that was marketed by the company or its
predecessor years earlier and no longer available could still become
the subject of current litigation.
The answers to these three questions regarding entities, locations
and operations are fundamental to the success of the risk
management program as they aid in determining the static risks
faced by the firm past, present and future. This also develops
information that may be necessary for insurance applications. Past
history is important as well as future plans because of the affect both
may have on developing the risk management program and the
underwriting of any insurance programs.
Inspection and Review. — This is the second step in the
identification process. “Inspection” involves a physical tour of the
facilities to look for potential loss exposures. “Review” means to
study documents and records to try to locate potential loss
exposures. While time consuming it is both necessary and important
for the risk manager to conduct a thorough investigation using both
There are four groups of loss exposures to identify and to review.
These are the following:
Liability loss exposures. — People, things and activities that can
injury other people or their property.Property loss exposures. — Real or personal property that can be damaged, destroyed or disappear.
Net income loss exposures. — These involve the loss of a firm’s
income or profits that could occur because its property was
damaged, destroyed or disappeared. Liability loss exposures can
also affect the net income of the organization.
Personnel loss exposures. — Conditions which can cause harm to
employees and result in a loss to the firm. Examples are death,
disability and disease which directly affect a key person or operation
in the organization.
Analyzing the information obtained. — The next step in the
development of a risk management program is to analyze the loss
exposures and other information that has been accumulated during
the identification, inspection and review stages in order to determine
how the overall loss exposures can best be treated.
A major factor in the analysis of loss exposures is to consider
alternative techniques to use to treat them other than simply
purchasing insurance products. In this stage each of the loss
exposures has to be considered with respect to the frequency with
which loss can occurs and the severity of a potential loss.
The basic rule about frequent losses is that they are normally
small dollar losses. They are the types that become more of a
nuisance than anything else. An example would be frequent cuts to
employees in a sheet metal plant. Often there are loss control steps
that can be taken to eliminate or reduce the problem of frequent
A severe loss is usually a rare event but one with a high dollar
value. These are the unexpected, unintended and often unusual
losses. For example an explosion involving a major portion of a plant
would be considered a severe loss.
Potential losses must also be analyzed with respect to the duration
of the downtime that would be created by the loss. Some facilities
and equipment can be replaced quickly while others may require
considerable time to get them back operational.
Finally during the analysis stage, the risk manager must determine
the limits of liability desired for liability exposures and the amount ofinsurance that would be needed for property, earnings and personnel loss exposures.
Selecting the best risk management technique. — The
information that has been obtained by the risk manager must now be
reviewed to determine which risk management techniques will be
used. Some techniques are used alone while some may be used
along with another technique.
There are four risk management techniques that are available to
the risk manager in the development of the program. The first is
avoidance which is used alone. The other three control, retention
and transfer may be combined or used individually.
Avoidance. — An individual or firm can avoid a particular loss
exposure by never having it or by eliminating it. For example never
owning a corporate aircraft or closing an in-plant spray paint
operation are examples of risk avoidance.
Control. — This technique is designed to control the hazards that
can increase the chance of loss. There are two major areas of
control which are property preservation and personnel conservation.
The loss control activities used in both areas are 1) Loss prevention
—Actions taken before a loss, 2) Loss reduction—Actions taken
during or after the loss and 3) Loss analysis—Activities undertaken
following the loss.
Retention. — This technique requires the firm to absorb part of the
chance of economic loss. The anticipated cost of loss is intentionally
retained when it is determined that the firm can absorb a particular
dollar level of loss. Types of retentions are non-insurance,
deductibles and percentage participations. Unfortunately risk can
also be retained through ignorance when the risk manager fails to
identify a particular loss exposure and no risk management
technique is applied.
Transfer. — A risk of economic loss that could be caused by a
particular loss exposure can be transferred to another party through
a provision in a contract. A hold harmless agreement is an example
where a contractor assumes the liability of a building owner for any
loss that might occur while the contractor is working on the building.
Another and more common type of transfer is to a professional risk
bearer—an insurance company. By purchasing an insurance policy,the risk manager transfers the chance of economic loss. In many
instances when an insurance contract is purchased, there may be a
requirement that the insured retain some of the risk and the
insurance company may initiate or participate in loss control
activities designed to reduce the chance of loss.
— When first considered the implementation of a risk management program seems to offer little problem. However in reality there must first be management approval for the program.
Second the risk manager, a staff person, must convince the line
managers that the program will be beneficial for them.
In most organizations the risk manager is in a staff position located
within the financial area. The risk management program to be
successful must be implemented throughout the firm. There are
questions as to who pays for the various parts of the program and
how much time can be taken from the workers in order to educate
them in the program particularly the loss control features. The full
support of top management is necessary if the program is to succeed.
— Once the program is in place, the risk manager
must monitor and evaluate its performance on a continuous basis.
Monitoring can be done through inspection and loss reports received
from the insurance companies as well as through reviews and other
internal reports. The evaluation of the program may lead to minor
revisions, which can make it even more productive.
The risk management process involves bringing together many
activities to increase the probability that the firm will not suffer
economic loss due to its static risks. It requires careful and deliberate
study and actions on the part of the risk manager, cooperation from
management and all other departments and a continuous monitoring
and evaluation. When properly carried out a risk management
program can result in fewer and less costly losses and reduce
overall insurance costs.