RISK MANAGEMENT

Introduction
Every business and organization faces the risk of unexpected, harmful events
that can cost the company money or cause it to permanently close. Risk management
allows organizations to attempt to prepare for the unexpected by minimizing risks and
extra costs before they happen.

Everyone knows what risk is; we use the word everyday and take risks regularly,
whether we realize it or not. In every decision you make, when assessing the pros and
cons, you are also doing a risk assessment.

The challenge is to make it a more conscious process where your business is

concerned.

What is risk, peril and hazard?

There is no single definition of risk. Many insurance authors traditionally have

defined risk for uncertainty. A risk is an uncertainty concerning the occurrence of a loss.
Peril, risk, and hazard: What’s the difference?

Peril, risk, and hazard are

three words used frequently in
business. They are terms used to
indicate the possibility of loss, and
are often used interchangeably, but
the insurance industry distinguishes
these terms.

Peril: Serious and immediate

danger.
Risk: Situation involving exposure to
danger.
Hazard: Danger or risk.

You could get away with

interchanging these words in day-to-day conversation. But in insurance and financial
circles, they each have a distinct meaning and it’s important to understand their
differences. Studypool

A risk is simply the possibility of a loss, but a peril is a cause of loss. A hazard is
a condition that increases the possibility of loss.

Take this for instance: Fire is a peril because it causes losses, while a fireplace is a
hazard because it increases the probability of loss from fire. Some things can be both a
peril and a hazard. Smoking, for instance, causes cancer and other health ailments,
while also increasing the probability of such ailments. Many fundamental risks, such as
hurricanes, earthquakes, or unemployment, that affect many people are generally
insured by society or by the government, while particular risks that affect individuals or
specific organizations, such as losses from fire or vandalism, are considered the
particular responsibilities of those affected.

To summarize: hazards increase the risk of a specific peril.

Hazard Examples: Icy roads, driving while intoxicated, improperly stored toxic waste.

Types of Hazards
Physical – Poor health, overweight, blind.
Moral – Dishonesty, drugs, alcohol abuse.
Morale – Careless attitude – reckless driving, jumping off a cliff, stealing, racing
motorcycles, carefree, careless lifestyle
Types of Risks:

1. Objective and Subjective Risks

Objective risk
It is the relative variation of actual loss from expected loss. It is measurable and
statistical.

Examples:
1. If we can gather enough data to give us a good understanding of what the threat
looks like (say, the frequency and magnitude of earthquakes in a particular area), we
can then start to assess the vulnerability and impact and therefore the risk of this kind
of event more objectively.
2. Assume that a fire insurer has 5000 houses insured over a long period and, on an
average, 1 percent, or 50 houses are destroyed by fire each year. However, it would be
rare for exactly 50 houses to burn each year and in some years, as few as 45 houses
may burn. Thus, there is a variation of 5 houses from the expected number of 50, or a
variation of 10 percent. This relative variation of actual loss from expected loss is
known as objective risk.

Objective risk declines as the number of exposures increases. More specifically,

objective risk varies inversely with the square root of the number of cases under
observation. Now assume that 5 lacs instead 5000 houses are insured. The expected
number of houses that will burn is now 5000, but the variation of actual loss from
expected loss is only 50. Objective risk is now 50/5000, or 1 percent.

Subjective risk
It can be defined as the degree of uncertainty perceived by an individual. It can
therefore vary from one person to another. It is uncertainty based on one’s mental
condition or state of mind.

Example: Somebody who has lost a lot of money in the stock market will probably feel
more risk investing in the market than someone who has profited handsomely.
Subjective risk may alter the behavior of the risk taker if it is an undesirable risk. Thus,
someone who was in a bad auto accident might drive much more carefully than
someone who has never been in one.

 Risks themselves aren’t objective or subjective. It’s how we approach

things that makes risks subjective or objective.
2. Static and Dynamic Risks

Static risk
Involves losses brought about by irregular action of nature or by dishonest
misdeeds and mistakes of men. These losses are present in an economy that is not
changing (static economy).

Dynamic risk
Risks brought about by changes in the economy. Generally, the result of
adjustments to misallocation of resources.

Examples: Changes in price level, income, tastes of consumers, technology

3. Pure and Speculative Risks

Pure risk
Is also called absolute risk, is a category of threat that is beyond human control
and has only one possible outcome if it occurs: loss. In pure risk, there is only the
prospect of loss or no loss. There is no prospect of gain or profit under pure risk. You
derive no gain from the fact that your house is not burnt down. If there is no fire
incident, the status quo would be maintained, no gain no loss, or a break-even
situation. Therefore, it is only the pure risks that are insurable.

Different Types of Pure Risk

Both the individual and business firms face different types of pure risks that pose
great threat to their financial securities. The different types of pure risks that we face
can be classified under any one of the followings:

(i) Personal risks

(ii) Property risks
(iii) Liability risks

Speculative risk
Is a controllable risk as it involves moral hazard that makes people seek out
some risks rather than avoid them, thus it’s a choice and not the result of uncontrollable
circumstances. Speculative risk can result in ether profit or loss.

Examples: Gambling transactions and financial investment activities

Other examples of speculative risk include taking parts in a football pool,

exporting to a new market, betting on horse race or motor race.

Speculative risks are no subject of insurance, and then are therefore not
normally insurable. They are voluntarily accepted because of their two-dimensional
nature of gain or loss.

4. Fundamental and Particular Risks

Fundamental risks
Affect the entire economy or large numbers of people or groups within the
economy.
 Examples: high inflation, unemployment, war, and natural disasters such as
earthquakes, hurricanes, tornadoes, and floods.

Particular risks
These are risks that affect only individuals and not the entire community. With
particular risks, only individuals experience losses, and the rest of the community are
left unaffected

Examples: burglary, theft, auto accident, dwelling fires.

5. Strategic and Operational Risks

Strategic risk
This represents a possible source of loss often determined by business plan
performance, business objectives, and the organization’s business strategy.

Operational risk
It represents risks related to the organization being able to execute against its
strategic plan.

On one hand, Strategic Risk is led by strategy while Operational Risk is more
tactical in nature. Most organizations are intent on identifying risk, putting controls in
place to prevent it, and ultimately mitigate or accepting the risk.

Organizations are finding that strategic risk management is something that can’t
be done the same old way and requires new creative thinking in order to execute
successfully.

Differentiating Pure Risk from Speculative Risk

Pure Risk Speculative Risk

1. Pure risk is a risk where there is 1. Speculative risk is a risk where
only the possibility of a loss or you both profit and loss are possible.
maintain a status quo. Only pure risks Speculative risks are not normally
are insurable. insurable.

The few exceptions of speculative risks

are insurable firms that insure their
institutional portfolio of investments
against loss.
2. Although there are some 2. Speculative risks are not
exceptions of pure risks which are not generally easily predictable. So, the
insurable. law of large numbers cannot be easily
applied to speculative risk.

However, gambling is one exception of

speculative risks to which the law of large
numbers can easily be efficiently applied.
 Society may benefit from a speculative
risk if a loss occurs. For example, a firm
may develop a new invention for
producing a commodity more cheaply.
As a result of this, a competitor may be
forced out of the market into bankruptcy.
In this situation, the society will benefit
since the products are produced more
efficiently and at lower cost to
consumers, even though competitor has
been forced into bankruptcy.

Speculative risks are more voluntarily

accepted because of its two-dimensional
nature of gain or loss.
3. Pure risk are generally easily
predictable than speculative risks. So
the application of the law of large
numbers can be more easily applied to
pure risk.
4. Society will not benefit from a pure
risk if a loss occurs. For example, if a
flood or earthquake devastates a region,
society will not benefit from such
devastation.
5. Pure risk is not voluntarily
accepted.

So what is risk management?

Risk management
The process of making and carrying out decisions that will minimize the adverse
effects of risk on an organization. The adverse effects of risk can be objective or
quantifiable like insurance premiums and claims costs, or subjective and difficult to
quantify such as damage to reputation or decreased productivity. By focusing attention
on risk and committing the necessary resources to control and mitigate risk, a business
will protect itself from uncertainty, reduce costs, and increase the likelihood of business
continuity and success.

A risk exists where there is an opportunity for a profit or a loss. In terms of

losses, we commonly refer to the risks as exposures to loss, or simply exposures. A fire
is an exposure. Defective products or defamation are liability exposures. The loss of
business that results from a damaged building or tarnished reputation is also an
exposure.

It is the process of identifying, assessing and controlling threats to an

organization's capital and earnings. These threats, or risks, could stem from a wide
variety of sources, including financial uncertainty, legal liabilities, strategic management
errors, accidents and natural disasters.

Risk management encompasses the identification, analysis, and response to risk

factors that form part of the life of a business. Effective risk management means
attempting to control, as much as possible, future outcomes by acting proactively rather
than reactively. Therefore, effective risk management offers the potential to reduce both
the possibility of a risk occurring and its potential impact.

Importance:
By implementing a risk management plan and considering the various potential
risks or events before they occur, an organization can save money and protect their
future.

Other Important benefits of risk management

 Creates a safe and secure work environment for all staff and customers.
 Increases the stability of business operations while also decreasing legal liability.
 Provides protection from events that are detrimental to both the company and
the environment.
 Protects all involved people and assets from potential harm.
 Helps establish the organization's insurance needs in order to save on
unnecessary premiums.

Why manage risks?

There are many reasons to manage risk. Some of them include:

1. Saving resources: people, income, property, assets, time

2. Protecting public image
3. Protecting people from harm
4. Preventing/reducing legal liability
5. Protecting the environment

Risk Management Structures

Risk management structures are tailored to do more than just point out existing
risks. A good risk management structure should also calculate the uncertainties and
predict their influence on a business. Consequently, the result is a choice between
accepting risks or rejecting them. Acceptance or rejection of risks is dependent on the
tolerance levels that a business has already defined for itself.

If a business sets up risk management as a disciplined and continuous process

for the purpose of identifying and resolving risks, then the risk management structures
can be used to support other risk mitigation systems. They include planning,
organization, cost control, and budgeting. In such a case, the business will not usually
experience many surprises, because the focus is on proactive risk management.

Response to Risks

Risk response is the process of developing strategic options, and determining

actions, to enhance opportunities and reduce threats to the project's objectives.
 Response to risks usually takes one of the following forms:

1. Avoidance

A business strives to eliminate a particular risk by getting rid of its cause. As the
name implies, quitting a particular action or opting to not start it at all is an option for
responding to a risk. When you choose to avoid a risk, you are cutting off any possibility
of it posing a threat to your enterprise.
This also means to eliminate the threat to protect the project from the impact of
the risk. An example of this is cancelling the project.

2. Transfer

This delegates, shifts the impact of the threat or transfers responsibility of the
risk to a third-party. An example of this is insurance. Purchasing insurance for your
home doesn’t reduce or eliminate damage from a storm, but it does provide a financial
safety net in the event damages do occur.
The goal of risk transfer is to ultimately reduce the (mostly financial) impact
should something materialize. The company is therefore willing to take a gamble on the
risk occurring.

3. Mitigation

Decreasing the projected financial value associated with a risk by lowering the
possibility of the occurrence of the risk or the act to reduce the probability of occurrence
or the impact of the risk. An example of this is choosing a different supplier.

4. Acceptance

Acknowledge the risk, but do not take any action unless the risk occurs. In some
cases, a business may be forced to accept a risk. This option is possible if a business
entity develops contingencies to mitigate the impact of the risk, should it occur.
An example of this is documenting the risk and putting aside funds in case the
risk occurs
In addition to the above responses, look at this…

Other four possible risk responses strategies for positive risks, or opportunities:

1. Exploit
Eliminate the uncertainty associated with the risk to ensure it occurs. An
example of this is assigning the best workers to a project to reduce time to complete.

2. Enhance
Increases the probability or the positive impacts of an opportunity. An example of
this adding more resources to finish early.

3. Share
Allocating some or all of the ownership of the opportunity to a third party. An
example of this is teams.

4. Acceptance
 Being willing to take advantage of the opportunity if it arises but not actively
pursuing it. An example of this is documenting the opportunity and calculating benefit if
the opportunity occurs.

Think of this…

When creating contingencies (a future event or circumstance which is possible

but cannot be predicted with certainty), a business needs to engage in a problem-
solving approach. The result is a well-detailed plan that can be executed as soon as the
need arises. Such a plan will enable a business organization to handle barriers or
blockage to its success because it can deal with risks as soon as they arise.

Looking back at the importance of Risk Management…

Risk management is an important process because it empowers a business with

the necessary tools so that it can adequately identify and deal with potential risks. Once
a risk has been identified, it is then easy to mitigate it. In addition, risk management
provides a business with a basis upon which it can undertake sound decision-making.

Remember this:

For a business, assessment and management of risks is the best way to prepare
for eventualities that may come in the way of progress and growth. When a business
evaluates its plan for handling potential threats and then develops structures to address
them, it improves its odds of becoming a successful entity.

In addition, progressive risk management ensures risks of a high priority are

dealt with as aggressively as possible. Moreover, the management will have the
necessary information that they can use to make informed decisions and ensure that
the business remains profitable.

Now look at how the risk analysis process works…

Risk Analysis Process

Risk analysis is a qualitative problem-

solving approach that uses various tools of
assessment to work out and rank risks for
the purpose of assessing and resolving
them. Here is the risk analysis process:

1. Identify existing risks

Risk identification mainly involves
brainstorming. A business gathers its
employees together so that they can review
all the various sources of risk. The next step
is to arrange all the identified risks in order
of priority. Because it is not possible to mitigate all existing risks, prioritization ensures
that those risks that can affect a business significantly are dealt with more urgently.

2. Assess the risks

In many cases, problem resolution involves identifying the problem and then
finding an appropriate solution. However, prior to figuring out how best to handle risks,
a business should locate the cause of the risks by asking the question, “What caused
such a risk and how could it influence the business?”

3. Develop an appropriate response

Once a business entity is set on assessing likely remedies to mitigate identified risks
and prevent their recurrence, it needs to ask the following questions: What measures
can be taken to prevent the identified risk from recurring? In addition, what is the best
thing to do if it does recur?

4. Develop preventive mechanisms for identified risks

Here, the ideas that were found to be useful in mitigating risks are developed into a
number of tasks and then into contingency plans that can be deployed in the future. If
risks occur, the plans can be put to action.

Sources:

https://uwaterloo.ca/ist-project-management-office/risk-responses
https://www.erminsightsbycarol.com/risk-response-strategies/