How to effectively use risk management in your organization

Why is it important to elevate the importance of risk management companywide?

Due to the catastrophic effect some exposures can have on an organization, it’s important for the risk management to be implemented consistently companywide. Risk retention can and may vary from department to department within an organization outside of the normal company culture, but only after a thorough risk analysis has been performed on the specific hazard/exposure. Corporate culture may dictate that the organization carry higher retentions, but if the organization is unable to control frequency, higher retentions become cost prohibitive.

How does a company’s level of risk tolerance impact risk management?

Identifying the company’s risk tolerance zone is important and will be considered when determining what solution best fits the organization for each exposure identified.

As different projects, changes in operations, exposures or hazards arise, a risk analysis should be performed to completely understand and identify the potential impact of the exposure to the organization. If the risk analysis falls within the tolerance corridor and is deemed acceptable to the organization, it can move forward with the appropriate risk management tool. Insurance is just one solution to risk management. Once the hazard or exposure is identified, the company will choose to eliminate, retain, reduce, transfer, minimize, avoid or control the risk.

How do you evaluate the data?

Data will be gathered at various stages of the risk management process based on historical data, industry data, flowcharts, inspections, compliance review, surveys or policy/procedure review. There are several ways to evaluate the data. This can be done by determining the likelihood and impact of the event occurring. When determining the likelihood, loss analysis, risk mapping, forecasting or probability analysis can be used. When determining the impact on the organization, cost benefit, payback analysis, net present value analysis or internal rate of return analysis can be used. Understanding the importance of the administration phase of the risk management program is critical and requires an organization to look at loss trends, or a trend in certain other factors. This is when the organization will use the data and make changes from an implementation or procedural standpoint to mitigate future losses. Many companies will effectively identify an exposure and will put a policy or procedure in place, but fail to monitor or revisit this exposure from time to time to measure the effectiveness of the program.

Exposures and hazards to an organization appear and change quickly, forcing companies to be reactive instead of proactive through their risk management program. Again, this is why it’s crucial to elevate the importance of risk management companywide.

Michael J. Lucas, CIC, CRM, is a partner with Millennium Corporate Solutions. Reach him at (909) 456-8911 or [email protected]