The management of risk is the emerging management philosophy of tomorrow's successful company.  We are slowly eliminating the concept linking risk management and insurance.  Industry has been restructuring for over a decade and the emphasis has been on increasing efficiency and productivity whilst downsizing in terms of employee numbers.

A point has now been reached where all the benefits of restructuring are at risk unless the traditional management structure can embrace the new management paradigm of risk management.  The concept of project management overlaid with the principles of risk management enable an entity to manage effectively with a minimum of resources.  Failure to embrace the new paradigm will see companies shrivel and die because the restructuring has left no room for growth when opportunities allow.

A discussion with a colleague, Kevin Tant, produced the following outline for successful recognition of the concept of risk management as a new management discipline.   A lot of readers will see the obvious stated here, luckily you are the converted.  Risk management is the ability to identify, measure and finance the risks facing an entity in an effective way to ensure corporate growth and survival.

What do we mean by risk management?

Risk is a dynamic concept that requires identification and understanding.  It requires not just a professional and analytical approach, but also imagination and innovation.

Boards of Directors and risk managers should consider: -

Is risk good or bad?How do we identify risk?Should we avoid risk?Should we transfer risk?Should we retain risk? orShould we manage risk in the most efficient manner?

 

Risk must be identified, understood, managed and controlled.

Risk will certainly not identify itself! 

There is no economic benefit to be derived from waiting until risk strikes.

Risk, as far as many financial managers are concerned, is the cost of insurance and no more.  Finance and treasury managers have traditionally focused on the cash flows and cost of managing risk; it can either be managed in terms of financial risks (interest rate, risk, foreign exchange risk, liquidity risk, price risk, and credit risk) or in terms of operational risks via the insurance process.

The traditional insurance approach is no longer valid as the only alternative to managing and financing risk.  Finance directors and corporate treasurers are becoming increasingly aware that they must become involved in the "big picture" in terms of risk management.

Professional development in the treasury area is focusing their attention not just in terms of cost of managing financial risks, but also the need to focus on the increasing cash flows of managing other risks.

If management can control risks and their cost in a more efficient manner then the organisation will suffer fewer (potential) losses which will increase the benefits or profits to be gained from operations.

The early part of the 21st century has so far evidenced a difficult business environment.  Corporations have experienced difficulties in maintaining profitability in a recessive environment and traditional management practices have been under review in an endeavour to introduce more efficient ways of managing the underlying business.  This environment has impacted heavily upon the financial area where efficiencies in cost control have been sought.  Past philosophies such as:

insure everything, react rather than proact, don't worry about the cost because we have adequate financial resources, Ignorance

 

cannot be tolerated any longer.

There is now acceptance that the corporation must manage both opportunity and risk in a planned way.

Risk Defined

There is no single definition of risk.  It is traditionally defined as the uncertainty concerning the occurrence of loss.

Risk can be categorised as:

Objective Risk; the relative variation of actual loss from expected loss.  It can be statistically measured.  In insurance terms, objective loss declines as the number of exposures increases due to the law of large numbers.

The law of large numbers states that as the number of exposure units increases, the more closely will the actual loss experience approach the probable loss experience.

Subjective Risk; the uncertainty based on a person's mental condition or state of mind.

High subjective risk tends to result in conservative and prudent conduct whereas low subjective risk may result in less conservative conduct.

The chance of loss is considered to be the probability that an event will occur.  It can be categorised as: -

Objective Probability; the long run relative frequency of an event occurring based on an infinite number of observations and no change in underlying conditions.

Subjective Probability; an individual's estimate of the chance of loss.

Peril and hazard should not be confused with the concept of risk discussed earlier.

Peril is defined as the cause of loss whereas a hazard is a condition that creates or increases the chance of loss.  There are three types of hazard: -

Physical hazard; a physical condition that increases the chance of loss.

Moral hazard: dishonesty or character defects in an individual that increases the chance of loss.  It is usually the result of dishonesty.

Morale hazard; the carelessness or indifference to a loss because of the existence of insurance.

There are three major categories of risk: -

1. Pure and Speculative Risks.

Pure risk is a situation where there is only the possibility of loss or no loss.  There is usually no opportunity to profit from the loss.  These risks include personal risks, property risks and liability risks.

Speculative risk is a situation where either a profit or loss is possible.  It includes commercial and financial risks such as new product development, interest rate risk, foreign exchange risk, investment in the share market, etc.  Superannuation risk also includes gambling.

The law of large numbers can be applied more to pure risk than speculative risk.

2. Static and Dynamic Risks.

Static risks occur because of irregular actions by nature or individuals.

Dynamic risk is associated with a changing economy.

Most static risks are pure risks whereas all dynamic risks are speculative where both profit and loss are possible.

3. Fundamental and Particular Risks.

Fundamental risk, such as inflation relates to the entire economy or a large number of persons or groups within the community.

Particular risk affects generally individuals and not the entire community or country.

We have now looked at the various aspects of risk and put forward a series of definitions to focus the mind on the facets that can be termed risk.  Is risk good or bad and how as managers we need to answer that question on a case-by-case and event-by-event basis.

Risk Management Defined.

The introduction of risk management as a professional discipline means that a more concise definition of the process is required.

Risk management is a discipline that enables people and organisations to cope with the possibility that future events may cause some harm.

It is the identification, analysis and economic control of those risks that threaten the balance sheet (assets and liabilities) or earning capacity of the organisation.

Identification of risk is the most important process.  All risks that threaten the organisation must be identified.

Managing risk must have a significant impact on maximising profitability by protecting and enhancing an organisation's bottom line!

Methods of Managing Risk

Five methods are used to manage risk: -

1. Avoidance. This method can result in opportunity loss.

2. Retention. Risk retention can be both active and passive.

Active risk retention is a conscious decision to retain risk, such as self-insurance.  Managed appropriately it can save money for the organisation.

Active risk retention may also be the result of inadequate availability of commercial insurance or the high prohibitive cost of insurance premiums.

Passive risk retention is the retention of risk due to ignorance, indifference or laziness.

It often has the potential for destroying the organisation.

Retention can be a useful technique for handling risk in a modern corporate risk management program.  It is generally used for high frequency, low severity risks where potential losses are relatively small.

3. Non-insurance Transfers. This technique results in risk being transferred to a party other than an insurance company. It includes transfer of risk by contracts, hedging price risks and incorporation of a business firm.

4. Loss Control. Loss control consists of activities undertaken by the organisation to control the frequency and severity of losses. It has the objective of loss prevention and loss reduction.

5. Insurance. This has traditionally been seen as the most practical method of handling risk. It includes risk transference, the pooling technique and the law of large numbers in its application. Cost of insurance can be excessive and many multinational corporations are continually seeking new methods of cost reduction in the risk financing process.

Who Should Manage Risk?

When we consider the management and control of organisations, especially multinational corporations, the first reaction tends to be one of centralisation, i.e. the corporation will be able to manage more effectively from a centralised head office, especially in terms of costs.  This may be true from some perspectives, especially in some aspects of treasury such as cash management, but it cannot be true from a corporation's total risk position.

The optimum place for risk (not risk financing) to be managed is at the point that the exposure to risk occurs.  Most risks faced by a corporation are best managed in a decentralised way within a centralised policy coordinated by a professional risk manager.

The risk manager should be a coordinator of the various tasks associated with the identification, analysis and economic control of those risks, which threaten the assets, or earning capacity of the organisation.

The risk manager should provide loss prevention methods, techniques and resources to the line manager to enable the associated risk to be controlled and managed.

We cannot all be experts in every area of the technical and financial aspects of a business.

Risk should be managed as a whole using a number of managers as a team.

 Risk Financing

Risk Financing is concerned with the most efficient way of covering the financial cost of managing risk.  It tends to be result of previous decisions made in the risk management process including: -

1.  Risk Assessment    What can go wrong?

2.  Risk Control           What can we do about it?

3.  Risk Financing        How do we pay for it?

 

Although line managers are able to control and manage risks at the "coal face", risk financing is best managed in a centralised manner by the risk manager.

Line managers do not necessarily have the information to know if:

The exposure to risk will actually lead to loss rather than benefit. Not having a loss should also be considered a benefit.When the exposure to risk result in loss.How large the loss will be.

The organisation's interest can best be protected by centralising the risk financing process so that cost efficient risk financing can be undertaken.

The risk manager should have the primary role in establishing loss-financing techniques by smoothing out the cost of loss financing over a period of time.  This will no doubt exceed the normal (annual) planning horizons of line managers and will produce efficiency through the financial strength of the organisation.

Traditional participants in risk financing include the insured, the insurer, the reinsurer and intermediaries.

Risk financing must take into account a number of forms: -

1. Insurance; covering hazard risk funding such as property, crime, liability, life, etc. The limitation of this approach is that it is too focused on insurance products.

2. Public Policy; covering macro risk assessment such as environmental issues. This process tends to be too concerned with assessments and there is a lack of pragmatic financing solutions.

3. Financial; covering financial risks such as interest rates and foreign exchange rates. Its limitation is that it is too narrowly focused on specific risks and funding tools.

4. Safety and Security; covering risk control such as safety and quality control. The limitation with this is that it is often too moralistic and unrealistic with regard to cost.

The risk financing approach must consider: -

general management theory,insurance management and risk funding,macro risk assessment and decision risk theory,quality assurance methodology for products and services,loss prevention, safety and security engineering,crisis or contingency planning andfinancial engineering using derivative products.

Components of Risk Management

The risk management process must integrate, impact, inform, interpret and influence practices within the organisation.

A proactive approach to risk management is not just a reliance on good practice, or the creation of systems.  It is a process of managing risk.

The traditional approach placed great emphasis on insurance.

Insurance does nothing for risk!

Insurance only provides money to offset loss, the result of risk.  It is, however, an important risk (loss) financing tool.  In some instances, it is the only way an organisation can handle the consequences of being exposed to certain types of risks.

A common sense approach must be adopted.  The first approach is for the organisation, especially the Board of Directors, to be provided with an understanding of all (major) risks faced by the organisation.  They must fully understand the risks that need to be managed, their impact and the need to implement the various risk financing measures.

The basic components include:

1. Risk Management Policy.

The policy should be approved by the Board of Directors and should outline the broad objectives to be adopted in the risk management process.

It should consider the role of risk manager, its level of seniority and the level to whom the risk manager reports.

Risk management should be a negative compromise.

2. Risk Management Process.

This must define the basic steps to be followed is risk is to be managed.  Risk identification such as physical inspection, check lists, flow charts, hazard indices and hazard operability studies to name a few.

This is not a static concept.  As discussed earlier, risk is a dynamic concept that operates in a circular fashion.  It is an ongoing process.

3. Administrative Support for the Risk Management Process.

The risk management process cannot operate with inadequate resources.

Organisations providing inadequate resources are considered to be providing only "lip service" to the concept of risk management!

Risk Measurement.

Risk Measurement provides information to enable management to make more informed decisions about actions to be taken, especially in the areas of: -

risk financing,value of insurance,retention levels,premium allocations.

It should measure the total impact of risk on the organisation including the number of events, their cost, their frequency (historical and potential) and their severity (historical and potential).

The traditional measure of risk is in terms of frequency and probability.

The analysis must be understandable.

Risk measurement can best be highlighted in pictorial form rather than in the written word.  Graphs, frequency curves and loss layers are useful methods of conveying the impact to risk management to personnel within the organisation, especially the Board of Directors.

We have looked at the paradigm of risk management and suggested strongly that the future of companies will be based on the application of risk management principles.

Senior management and boards of directors have a duty of care to ensure correct management exists within the entities under their control.  Shareholders will be less forgiving in the future to those people who ignore developments in management that have the potential to make obsolete over night existing principles.  Especially since the restructuring of industry has created the environment where the application of new management methods will ensure survival.  Risk management supplies the framework for survival now and into the new century.

The risk manager of the future will be an educated professional, a generalist who will help their company navigate the minefield of business activity.  They will need to be recognized by their peers as a professional.  A combination of educational and professional qualification will become the paradigm for the future of the profession.