While the frequency or severity of adverse outcomes from any particular risk will vary with each business, the challenge remains to manage risks to reduce their adverse impact on business value. Management of these risks requires a coordinated, disciplined approach to eliminate or control risks. This managerial approach is called risk management.
What follows are some general guidelines that can help form the direction and basis for developing and implementing a comprehensive risk-management program in your organization.
What is risk management?
Risk management is the formal process by which an organization establishes its risk-management goals and objectives, identifies and analyzes its risks, and selects and implements measures to address its risks in an organized and coordinated fashion. The fundamental objective of risk management is to protect the assets and profits of the organization by reducing the potential for loss before it occurs, and by financing, through insurance and other means, potential exposures to catastrophic loss.
Risk management may be as uncomplicated as asking and answering three basic questions.
- What can go wrong?
- What will we do (both to prevent the harm from occurring and in the aftermath of an incident)?
- If something happens, how will we pay for it?
The benefits of risk management
There are consistent objectives and end results of any good risk-management program.
- A reduction in the number and size of accidental losses
- Established financial arrangements for unpredictable and catastrophic losses
- Appropriate financing arrangements for a predictable loss
- A reduction of the firm’s cost of risk to the absolute minimum
- Avoidance of high-loss-potential situations, where possible
The risk-management process
Risk management is a process a progression or series of actions that are taken with the purpose of minimizing losses or injuries in the organization. These actions may be set forth as a series of steps that lead to the goal of reduced losses and injuries. The six steps in the risk-management process are identified below.
- Establish the context. Establish the strategic, operational and other risk-management context within which the rest of the process will take place. Criteria for evaluating risk should be established and the structure of the analysis defined.
- Risk identification. Identify risk exposures (potential losses) and their causes.
- Risk analysis. Evaluate and measure the risk exposures. Prioritize the risk exposures by their significance to the organization.
- Design a risk-treatment strategy. Review risk-treatment alternatives and select appropriate risk-treatment methods, choosing an appropriate mix of risk-control and risk-financing techniques that are both effective and efficient.
- Implementation. Carry out the details of the risk-management plan.
- Monitor, review and report. Provide regular reporting on risk and risk treatments. Modify the risk-treatment strategies as needed to support organizational objectives.
Insurance may be the first way or the last way organizations seek to manage risk, but rarely is it the best way of handling risk. Risk management is an all-encompassing approach to dealing with risk by identifying, analyzing, controlling and financing risk, and seeking the most efficient methods for doing so.
Effectively done, risk management, whether through planning pre-loss activities, preparing the organization for losses or executing post-loss activities, offers a thorough and efficient approach to address the expenses of potential losses.
Robert Higgins, CPCU, ARM, ARMP, CRM, CIC, FRM, CRIS is a vice president with Schiff, Kreidler-Shell in their risk services department and has more than 25 years experience in insurance and risk management. He is a graduate of the University of Kentucky and Xavier University’s MBA program. Reach him at (513) 977-3188 or email@example.com.