Chapter 1 - Introduction to Risk Management
Understanding and Quantifying Risk
Risk may yield both positive and negative outcomes. Opportunities cannot be pursued, and reward cannot be obtained, without incurring some risk. Because of this risk/reward relationship, individuals and organizations seek to maximize reward while minimizing the associated risk.
Therefore understanding and quantifying risk are the logical starting point for learning how to use risk management.
Properly defining risk is often difficult because it it can have many different meanings. Risk is defined as the uncertainty about outcomes, with the possibility that some of the outcomes can be negative.
Risk can be quantified by knowing the probability of possible outcomes.
In context of risk management, risk is the uncertainty about the possibility of loss.
The two elements within the definition of risk are these:
- Uncertainty of outcome - risk involves uncertainty about the type of outcome, the timing of outcome, or both the type and timing of the outcome. Uncertainty can be expressed as probabilities or possibilities.
- Possibility of a negative outcome - possibility means that an outcome or event may or may not occur. Possibility of loss : are evaluated along four dimensions namely : the loss frequency, the loss severity, the total dollar loss and the timing of loss.
-
Possibility compared with probability - the possibility of something occurring does not indicate the likelihood of it happening. The probability is the likelihood of the outcome or event occurring
To quantify risk, one needs to know the probability of the outcome or event occurring. Unlike possibility, probability is measurable and has a value between zero and one.
Probability : The likelihood that an outcome or event will occur. Unlike possibility, probability is measurable.
Possibility : means that a risk exists and has simply been identified. It does not quantify risk.
Classification of risk
- Pure and Speculative risk
- Subjective and Objective Risk
- Diversifiable and Non-Diversifiable Risk
- Quadrants of Risk (hazard, operational, financial and strategic)
These classifications are not mutually exclusive and can be applied to any given risk.
Pure Risk : A chance of loss or no loss, but no chance of gain.
Speculative Risk : A chance of loss, no loss, or gain. Is usually created intentionally
Distinguishing between pure and speculative risks is important because those risks must often be managed differently,
Credit Risk : The risk the customers or other creditors will fail to make promised payments as they come due. Relevant to any organization with accounts receivable such as banks or other financial institutions.
Price Risk : change in the cost of raw materials and other inputs, as well as cost-related changes in the market for completed products and other outputs.
Subjective Risk : The perceived amount of risk based on an individual's or organization opinion.
Objective Risk : The measurable variation of uncertain outcomes based on facts and data.
Subjective Risks can exist where Objective Risk does not.The close an individual's or organization's subjective interpretation of risk is to the objective risk, the more effective its risk management plan will likely be. Subjectivity is also necessary because facts are often not available to objectively assess risk.
Reason the subjective and objective risk can differ include :
- Familiarity and Control
- Consequence or Likelihood
- Risk Awareness
Diversifiable Risk : A risk that affects only some individuals, businesses, or small groups.
Non-Diversifiable Risk (or fundamental risk): A risk that affects a large segment of society at the same time.
Systemic Risk : are generally non-diversifiable. Example : Is the potential for a major disruption in the function of an entire market or financial system.
Quadrants of Risk :
- Hazard risks arise from property, liability, or personnel loss exposures and are generally the subject of insurance.
- Examples: Direct Damage to property, Indirect damage to property, Terrorism, Injury to employees, third party liability claims.
- Operational risks fall outside the hazard risk category and arise from people or a failure in processes, systems, or controls, including those involving informatio and technology.
- Examples : Product recall, Discrimination, Embezzlement, Workplace Violence, Kidnap, Turnover, Service Provider Failure, Supplier Business interruption
- Financial risks arise from the effect of market forces on financial assets or liabilities and include market risk, credit risk, liquidity risk, and price risk. It can be diversifiable or non-diversifiable
- Examples : Economic changes, Legislative changes, Commodity Prices, Exchange rates, Debt Rating, Liquidity, Currency Exchange Rates
- Strategic Risks arise from trends in the economy and society, including changes in the economic, political, and competitive environments, as well as from demographic shifts. These are speculative and diversifiable.
- Examples : Intellectual property, Technology, Competition, Acquisition/Merger, Union Relations, Product Design.
Hazard and Operational Risks are classified as pure risks, and financial and strategic risks are classified as speculative risks.
Market Risk : Uncertainty about an investments future value because of potential changes in the market for that type of investment.
Liquidity Risk : The risk that an asset cannot be sold on short notice without incurring a loss.
Focus of quadrants of risk is on the risk source and who traditionally manages it. Organizations define types of risk differently. Some organizations consider legal risks as operational risk, and some may characterize certain hazard risks as operational risk.
There can be overlap among the various categories of risk. Each organization should select categories that align with its objectives and processes.
Enterprise Risk Management
traditional risk management is concerned with an organization's pure risk, primarily hazard risk. The concept of enterprise risk management (ERM) was developed in recent years as a way to manage all of an organization's risks, including operational, financial, and strategic risk.
ERM : An approach to managing all of an organization's key business risks and opportunities with the intent of maximizing shareholder value. Also known as enterprise-wide risk management.
In ERM terms definition of risk management : Coordinated activities to direct and control an organization with regard to risk.
In ISO terms definition of risk management : The effect of uncertainty on objectives.
all definitions include the concept of of managing all of an organization's risks and its objectives is a key driver in deciding how to assess and treat risks.
Definition of ERM by various bodies
Risk and Insurance Management Society (RIMS) : A strategic business discipline that supports the achievements of an organization's objective by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio.
Casualty and Actuarial Society (CAS) : The discipline by which an organization in an y industry assesses, controls, exploits, finance's and monitors risks from all sources for the purpose of increasing the organization's short and long-term value to its stakeholders.
Committee of Sponsoring Organizations of the Treadway Commission (COSO) : Enterprise risk management is a process, affected by an entity's board of directors, management, and other personnel, applied in a strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.
Pillars of ERM
Risk Managed separately are not the same as thy are when managed together. Three main theoretical concepts explain how ERM works:
-
Interdependency - Assumption that statistical independent if the probability of one event occurring, does not affect the probability of a second event occurring.
-
Correlation - Correlation increases risk, while uncorrelated risks can reduce risks to the extent that provide a balance or hedge.
-
Portfolio Theory - a portfolio is a combination of risks. The portfolio theory assumes that risk includes both individual risks and their interactions.
In ERM , unlike traditional risk management organization model of having a risk manager and risk department to manage hazard risk, the responsibility of the risk management function is broader and includes all of an organization;s risks, not just hazard risks. Additionally the entire organization at all levels becomes responsible for risk management as the ERM framework encompasses all stakeholders.
Dodd-Frank Act, which became U.S. Law in 2010, requires that certain types of financial companies appoint board risk committees. A board risk committees may consist of the full board, the adult committee, r a dedicated risk committee. In addition, some public companies have formed an executive-level risk committee to assist the board in its risk oversight function. The executive-level committee might be chaired by a chief risk office (CRO), who reports to both the Chief Executive Officer, who reports to both the Chief Executive Officer (CEO) and the board risk committee.
As facilitator, the CRO engages the organization's management in a continuous conversation that establishes risk strategic goals in relationship to the organization's strengths, weakness, opportunities, and threats (SWOT). The stakeholders in the organization include employees, management, the board of directors, and shareholders. External stakeholders include customers, regulators, and the community.
In the fully integrated ERM organization, identifying and managing risk become part of every job description and every project. Successful risk management of strategic objectives becomes a measure on all evaluations.
Implementing ERM
- The risk management professional must have access to data from all organization areas and levels to identify and assess the organization's risks.
- The risk management process to manage those risks must be integrated throughout the organization.
- Risk managers must have authority to make and enforce necessary changes, often against significant resistance.
- Effective communication is essential to a successful ERM program
- An organization with a full integrated ERM program develops a communication matrix that moves information throughout the organization.
- The establishment of valid metrics and the continuous flow of cogent data are a critical aspect tho this communication process. The metrics are carefully woven into reporting structures that engage the entire organization, including both internal and external stakeholders.
Impediments to ERM
- Impediments to ERM is technological deficiency
- And traditional organization culture with its entrenched silos, each of the company functions typically had its own management structure.
LOSS EXPOSURES
Any condition or situation that presents a possibility of loss, whether or not an actual loss occurs.
Every loss exposures has three elements
- An asset exposed to loss
- Cause of loss (also called a peril)
- Financial consequences of the loss
Above elements can be described for the four basic types (categories) of loss exposures in which the insured has a financial ineterest.
- Property Loss Exposures : Tangible and Intangible Assets like patents, copyrights
- Liability Loss Exposures : At worst insured/entity may lose total wealth
- Personnel Loss Exposures : Key employee skills that cannot be easily replaced - due to death, disability, retirement or resignation
- Net Income Loss Exposures : Future stream of net income cash flows: Financial Consequences : increase in expenses and loss in revenue/profit
An asset exposed to loss - include property, investments, money that is owed to them, automobiles and cash. Intangible assets includes patents, copyrights and trademarks and human resources for organizations. Individuals may have intangible assets such as professional qualifications, a unique skill set, or valuable experience.
Cause of Loss :
- Hazard : A condition that increases that frequency or severity of a loss.
- Moral Hazard : A condition that increases the likelihood that a person will intentionally cause or exaggerate a loss. Example: intentionally causing, fabricating, or exaggerating a loss.
- Morale Hazard (attitudinal hazard) : A condition of carelessness or indifference that increases the frequency or severity of loss.
- Physical Hazard : A tangible characteristic of property, persons, or operations that tends to increase the frequency or severity of loss.
- Legal Hazard : A condition of the legal environment that increases loss frequency or severity.
Moral and Morale Hazards are behavior problems that can increases the frequency and/or severity of losses. The fundamental difference between these two types of hazard is intent. A moral hazard results from a deliberate act; a morale hazard results from carelessness or indifference.
Financial Consequences of Loss : depends on the type of loss exposure, the cause of loss, and the loss frequency and severity. financial consequences may be more difficult to determine, such as the value of business lost while the building damaged by fire is being restored.
Types of Loss Exposures
Property Loss exposures : A condition that presents the possibility that a person or an organizations will sustain a loss resulting from damage (including destruction, taking, or loss of use) to property in which that person or organization has a financial interest.
Property can be categorized as either tangible or intangible property.
-
Tangible Property : Property that a physical form.
-
Real Property (realty) : Tangible property consisting of land, all structures permanently attached to the land, and whatever is growing on the land.
-
Personal Property : All tangible or intangible property that is not real property.
-
Intangible Property : Property that has no physical form such as patents, copyrights, trademarks, trade secrets and customer goodwill.
Maximum financial consequence of a property loss is limited by the value of the property. However a property loss may also have an effect on the financial consequences of liability, personnel, or net income.
Liability Loss Exposures
Any condition or situation that presents the possibility of a claim alleging legal responsibility of person or business for injury or damage suffered by another party.
Insurers professional often use the rem "loss" to mean the event itself. In addition, they often refer to the loss in terms of the applicable property, the cause of loss, the consequences, or the applicable policy.
- When focusing on the type of property, they often refer to a "building loss" or a "personal property loss", regardless of the peril involved.
- When focusing on causes of loss, they often refer to a "fire loss", a "smoke loss" or a "theft loss"
- When focusing on consequences, they often refer to a "business income loss", an "extra expense loss", or an additional living expense loss" regardless of the type of property or causes of loss involved.
- When focusing on the applicable policy, they often use the policy name or type, such as a "homeowners loss", an "auto loss", or a "business interruption loss".
In liability loss exposures, extra costs include, defense costs, other claim-related expenses, and potentially adverse publicity, all of which produce a financial loss.
Personnel Loss Exposure
A condition that resents the possibility of loss caused by a key person's death, disability, retirement, or resignation, that deprives an organization of the person's special skill or knowledge that the organization cannot readily replace.
Personal Loss Exposure (aka human loss exposure)
Any condition or situation that presents the possibility of a financial loss to an individual or a family by such causes as death, sickness, injury or unemployment. Example : Death of primary wage earner of a family.
Net income Loss Exposure
A condition that presents the possibility of loss caused by a reduction in net income or increase in expenses resulting from propoerty loss. An indirect loss is a loss that results from, but is not directly cause by, a particular cause of loss. Estimating indirect losses is often challenging because of the difficulty in projecting the effects that a direct loss will have on revenues or expenses.
In the insurance industry, the term "net income losses" is usually associated with property losses, and some insurance policies provide coverage for net income losses related to property losses. However, there are many other causes of net income losses. Some net income losses are associated with the liability or personnel loss exposures that have traditionally been the focus of risk management.
Besides these, other potential net income losses that may affect individuals or organizations include these:
- Loss of goodwill
- Failure to perform
- Missed opportunities
Reducing the Financial Consequences of Risk
- The overall financial consequences of risk for a given asses or activity is the sum of three costs:
- the expected cost of the value of lost because of actual events that cause a loss (expected loss frequency times expected loss severity).
- the cost of the resources devoted to risk management for that asses or activity (which includs the costs of loss control, loss financing, and risk reduction.
- the cost of residual uncertainty (which includes the effects of uncertainty on the proces of the firm's products and on the price of the firm's stock).
For a particular asset or activity , the cost of risk can be broken down this way:
- Cost of losses not reimbursed by insurance or other external sources
- cost of insurance premiums
- cost of external funds, such as interest payments on loans or the transaction costs of noninsurance indemnity.
- cost of measures to prevent or reduce the size of potential funds
- cost of implementing and administering risk management
Benefits to Individuals
- Purchasing auto liability insurance enables them to transfer to liability loss exposure to the insurer
- The second benefit of risk management for individuals is that if reduces the residual uncertainty associated with risk.
Benefits of organizations
- Organization usually choose to manage their risks, because they, too, benefit from preserving their financial resources.
- Preservation of financial resources adds value to the organization and makes it a safer and more attractive investment
- The protection that risk management affords an organization's financial resources can, in turn, provide confidence that capital is protected against future costs such as property loss, interruption of future income, liability judgement s, or loss of key personnel. This sense of confidence is attractive both to suppliers and customers.
- Risk management also can reduce the deterrence effect of risk; that is, it can improve an organization's capacity to engage in business activities by minimizing the adverse effects of risk.
Benefits to Society
- Increase to productivity within an economy and improve the overall standard of living. Improves the allocation of society's scarce resources.
Risk Management Program Goals
Senior management support is essential to an effective and efficient risk management program. To gain that support, a risk management program should promote the organization's overall goals.
Risk management makes those who own or run an organization more willing to undertake risky activities.
Pre-Loss Goals
Goals to be accomplished before a loss, involving social responsibility, externally imposed goals, reduction of anxiety, and economy. It should help ensure that the organization’s legal obligations are satisfied.
Operational goals include
- Economy of operations : By comparing its costs oor (deparmental or organizational effeciency) of risk management with other similar organizations, an organization can measure its pre-loss goal of economy of operations.
- Tolerable uncertainty : To keep managers uncertainty at tolerable levels, how much money can company afford to loose. The goal of tolerable uncertainty is to allow managers to make and implement decisions without being unduly affected by uncertainty
- Legality
- The legality be based on :
- Standard of care that is owed to others
- Honor contracts entered into by the organization
- Federal, State, and Local Laws and Regulations
- Respond to liability exposures.
-
Illegality is itself a loss exposure.
- Social Responsiblity, it is both a pre-loss and post-loss goal. maintain a good public image.
Post-Loss Goals
Risk Management program goals that should be in place in the event of significant loss. Post-loss goals on the operating and financial conditions that the organization's senior management would consider acceptable after a significant cant foreseeable loss. These are six possible post-loss goals:
- Survival : most basic goal is survival (resume operations) after a loss has occurred , while the mose ambitious goal in uninterrupted growth.
- Continuity of operations
- Such Steps include these:
- Identify activitites whose interruptions cannot be tolerated
- Identify the types of events that could interrupt such activities
- Determine the standby resources that must be immediately available to counter the effects of those losses
- Ensure the availability of the standby resources at even the most unlikely and difficult times.
- The last step, ensuring the availability of standby resources, is likely to add to an organizaiton's expenses, and, accordingly, achieving the continuity of operations goal trands to be more costly tht the more basic goal of survival.
- Profitability
- In a for profit, it is to generate a net income
- In a not-for-profit it is to operate within the budget
- Maintain established minimum amount of profit
- Such a program stresses insurance and non-insurance transfers, raising the total risk management and financing costs.
- Earnings stability : After survival - earnings stability and profitability is secondary objective.
- Social Responsibility : Major goal for public entitites.
- Growth : Most ambitous after a loss has occured, but compared to survival it is difficult to achieve and sometimes conflicting.
The more ambitious a particular post-loss goal, the more difficult and costly it is to achieve.
Conflicting Goals : Spending money to reduce risk to a tolerable level, to meet legal obligations or to assure profitable growth can come at the expense of economizing operations (unprotected growth) or increase Risk Management costs to protect expanding resources (protected growth).
- More ambitious post-loss goals are costlier.
- among pre-loss goals, all legalities must be met reagrdless of cost, but uncertainy and social responsibility must be comprimised with economy.
- Any other conflicts among goalsmust be reconciled by the RM professional.
The Risk Management Process
Step 1: Identifying Loss Exposures methods such as document reviews , compliance analysis and outside expertise.
Step 2: Analyzing Loss Exposures : considering frequency , severity, total dollar losses and timing of loses. Timing of losses is the interval betweenloss occurence and loss payment. Timing is important because model held in reserve to pay for a loss can be invested until the payment is made.
Step 3: Examining the Feasibility of Risk Management Techniques : Risk Control Techniques and Risk Financing. These techniques are not used isolation.
Risk control techniques alter (minimize) the frequency and severity of losses, they also make losses more predicatble, and risk financing techniques pay for losses despite the controls.
Step 4: Selecting the Appropriate Risk Management Techniques or combination of risk management techniques
- Risk Control Techniques
- Loss Prevention reducing the frequency of a particular loss
- Loss Reduction reducing the severity of a particular loss
- Separation invovlves a particular acticity or asset over several locations
- Duplication involves relying on backups, that is, spares or duplicates, used only if primary assets or activities suffer loss.
- Diversification involves providing a range of products and services used by a variety of customers.
- Risk Financial Techniques based on cost/benefit analysis
- Retention involves generalizing finds from within the organization to pay for losses
- Transfer invovlves generalizing funds frin outside the organization to pay for losses and includes insurance and noninsurance transfer
- The three forecasts a financial analysts of a risk management technique may be based on are these:
- A forecast of the dimensions of expected losses (frequently, severity, timing of payment, and total dollar losses).
- A forecast, for each feaible combination of risk management techniques, of the effect on the frequency, severity and timing of these expected losses.
- A forecast of the after-tax costs invovlved in applying the various risk management techniques.
Step 5: Implementing the Selected Risk Management Techniques : The risk management techniques selected by for-profit organizations should be both effective in meeting the organizations' goals and economical.
Step 6: Monitoring Results and Revising the Risk Management Program : to adjust it to accommodate changes in loss exposures and the availability or cost-effectiveness of alternate risk management techniques.
- Establishing standards of acceptable performance
- Comparing actual results with these standards
- Correcting substandard performance or revising standards that prove to be unrealistic
- Evaluating standards that have been substantially exceeded
- Reavaluate your prior decisions in light of actual results and new conditions and adjust as needed.
Chapter 2 : Risk Assessment
The methods of information that enable an organization to take a systematic approach to identifying loss exposures include these:
- Document Analysis : Standardized Documents, Company-Specific, reviewing multiple documents is necessary to avoind failing to identify important loss exposures.
- Compliance Review
- Inspections
- Expertise within and beyond the organization
Risk Assessments Questionnaires and Checklists
Standardized checklists are published by America Management Association (AMA), the International Risk Management Institute (IRMI), the Risk and Insurance and Management Society (RIMS), and others.
Although some organizations, or trade associations have developed specialized checklists or questionnaires for their members most are created by insurers or insurance companies because
- to identify insurable hazard risks
- focus on listing the organization's assets, whereas others focus on identifying potential causes of loss that could affect the organization.
Linking loss exposures with the goals they support can be useful in analyzing the potential financial consequences of loss.
Checklists typically capture less information then questionnaires. They do not show how those loss exposures support or affect organization goals.
A Questionnaire captures more descriptive information than a checklist. They can capture the amounts or values exposed to loss. It can also be designed to include questions that address key property, liability, net income, and at least some personnel loss exposures. Additionally, the logical sequencing of question helps in developing a more detailed examination of the loss exposures an organization faces.
Both checklist and questionnaires may be produced by insurers and are called insurance surveys. Most of the question helps in developing a more details examination for which commercial insurance is generally available.
Risk Management and Risk Assessment questionnaires have a broader focus and address both insurable and uninsurable loss exposures. However a disadvantage of risk assessment questionnaires is that they typically can be completed only with considerable expense, time, and effort and still may not identify all possible loss exposures.
Standardizing a survey or questionnaire has both advantage and disadvantages. Standardized questionnaires are relevant for most organization can can be answered by persons who have little risk management expertise. However, no standardized questionnaire can be expected to uncover all the loss exposures particularly characteristic of a given industry. They respondent might not do anything more then answer the questions and not reveal any key information.
The questions should ideally by used in conjunction with other identification and analysis methods. Experienced insurance and risk management professionals often follow up with additional questions that are not on the standardized document.
Financial Statement and Underlying Accounting Records
It can help in identify any future plans that could lead to new loss exposures. Helps to identify major causes of loss exposures.
Balance Sheet : The financial statement that reports the assets, liabilities, and owners' equity of an organization as of a specific date. Owners' equity, or net worth, is the amount by which assets exceed liabilities. Asset entries indicate property values that could be reduced by loss. Liability entries show what the organization owes and enable the risk management professional to explore two types of loss exposures:
- Liabilities that could be increased or created by a loss
- Contracts or Obligations (such as mortgage payments) that the organization must fulfill, even it it were to close temporarily as a result of a business interruption.
- Property asset exposure can be seen in the asset section of the balance sheet.
Income Statement : The financial statement that reports an organization's profit or loss for a specific period by comparing the revenues generated with the expenses incurred to produce those revenues. Helps to identify net income loss exposures that reduce revenue or increase expenses.
Statement of Cash Flows : The financial statement that summarizes the cash effects of an organization's operating, investing and financing activities during a specific period. Using cash flow analysis can identify the amounts of cash either subjects to loss or available to meet continuing obligations. Expose financial risks, such as in the value of investments, interest rate, volatility, foreign exchange rate changes, or commodity price swings.
Major Disadvantage of financial statements for identifying loss exposures is that although they identify most of the major categories of loss, they do not identify or quantify individual personnel loss exposure. Another is the financial statement depict past activities but are of limited help in identifying projected values of future events.
Contracts
A contract is an agreement entered into by two or more parties that specifies the parties' responsibilities to one another. It is often necessary to consul legal experts when interpreting contracts.
Contract analysis can both identify the property and liability loss exposures generated or reduced by an organization's contract and ensure that the organization is not assuming liability that is disproportionate to its stake in the contract. Ongoing contract management is part of monitoring and maintaining a risk management program.
Two ways of contract liability
1) Hold Harmless Agreement( or Indemnity Agreement ): A contractual agreement that obligates one of the parties to assume the legal liability of another party.
2) If the organization fails to fulfill a valid contract them it will be a liability loss exposure.
Insurance Policies
Insurance is a means of risk financing, reviewing insurance policies can also be helpful in risk assessment.
Identify potential loss exposures which is not covered in the insurance policies.
Risk Manager can compare his or her coverage against an industry checklist of insurance policies currently in effect.
Organization Policies and Records
To identify loss exposures such as work related hazards. using organizational policies and records, such as corporate by-laws, board minutes, employee manuals, procedure manuals, mission statements, and risk management policies.
Sometimes Internal Documents are also used to identify potential liability loss exposures.
One drawback is the sheer volume of records/document that the organization generate internally to identify loss exposures,therefore management professionals would need to examine a representative sample of documents. This may make the task manageable, but increases the likelihood that not all loss exposures will be identified.
Flowcharts and Organizational Charts
A flowchart is a diagram that depicts the sequence of activities performed by a particular organization or process. An organization can use flowcharts to show the nature and use of the resources involved in this operations as as well as the sequence of and relationships between those operations.
Organization indicates the hierarchy of an organizations personnel and can help to identify key personnel for whom the organization may have a personnel loss exposure. IT can also help in identifying bottlenecks that may exist.
Disadvantage : the personnel identified is not guaranteed that he/she is a key personnel and the relative importance of the individual to the continued operation of profitability of the organization.
Loss Histories
Based on past loss histories are important indicators of current or future loss exposures and may not identify loss exposures which may not have occurred in the past.
Compliance Review
A compliance review determines an organizations' compliance with local, state, and federal statutes and regulations. The benefit of compliance reviews is the hey can help an organization minimize or avoid liability loss exposures because non-compliance can be a liability loss exposure.
Drawback is that they are expensive and time consuming. It is done by in-house legal and accounting resources otherwise it may have to sue outside expertise.
Personal Inspections
Loss exposures are best identified by personal inspections that would not appear on written descriptions of the organization's operations.
It should ideally be conducted by individuals whose background and skills, equip them to identify unexpected, but possible, loss exposures. The front-line personnel are best placed to identify non-obvious loss exposures.
Expertise within and beyond the Organization
Interviews should include a range of employees from every level of the organization. One area of specialization that often requires expertise from expert services is Hazard analysis which is a method that identifies conditions that increase frequency or severity of loss.
Data requirement for exposure analysis
Relevant Data : depends on the type of loss exposure studied
Complete Data : depends on the nature of loss exposure studied, having complete helps to isolate the nature of each loss
Consistent Data : to identify past patterns of loss, so that future loss are not underestimated or overestimated.
- the loss data must be collected on a consistent basis for all recorded losses
- data must be expresses in constant dollars, to adjust for differences in price levels
Nominal Dollar - dollar values at the time of loss
Current Dollars - dollars value today
Real or Constant Dollars - dollar values in some base year. the value enables comparison of losses that have occurred in different time periods.
Organized Data : Organize losses by size is also the foundation for developing loss severity distributions or loss trends over time.
Nature of Probability : the probability of an event is the relative frequency with which the event can be expected to occur in the long run in a stable environment. determine the probability that a certain event occur can be an important part of exposure analysis in the risk management process.
Theoretical Probability : Probability that is based on theoretical principles rather than on actual experience. Insurance rarely use them because very few loss exposures can be modeled with theoretical, but it is a great starting point to model empirical probability or improve the model. can be represented with table, chart or graph.
Empirical Probability : A probability measure that is based on actual experience through historical data or from the observation of facts.
The empirical probability deduced solely from historical data may change as new data are discovered or as the environment that produces those event changes.
Empirical probabilities are only estimates whose accuracy depends on the size and representatives nature of the samples being studied. In contrast, theoretical probabilities are constant as long as the physical conditions that generate then remain unchanged.
constructed the same way as theoretical probability ,
- first requirement is that it provides mutually exclusive and collectively exhaustive list of outcomes, loss categories (bins) must e designed so that all the losses can be included. One method is to divide the bins into equal number of sizes
- define the set of probabilities of each possible outcome
Law of Large Numbers :
A mathematical principle stating that as the number of similar but independent exposure units increase, the relative accuracy of predictions about future outcomes(predictions) also increases.
Limitation of law of large numbers
- the events have occurred in the past under substantially identical conditions and have resulted from unchanging, basic causal forces.
- the events can be expected to occur in the future under the same, unchanging conditions
- the events have been, and will continue to be, both independent of one another and sufficiently numerous.
Probability analysis : A technique for forecasting events, such as accidental and business losses, on the assumption that they are governed by an unchanging probability distribution which means
- a substantial volume of data on past losses
- fairly stable operation so that (except) for price level changes) patterns of past losses presumable will continue in the future
In organizations with this type of unchanging environment, past losses can be viewed as a sample of all possible losses that organization will suffer.
Probability distribution can be constructed from empirical probabilities.
a presentation (table, chart, or graph, of probability estimates of a particular set of circumstances and of the probability of each possible outcome
Should be mutually exclusive and collectively exhaustive. Can be of discrete (loss frequency) and continuous type of distribution (loss severity).
discrete probability can be shows as a table, example frequency distributions
continuous probability can be shows as a graph or by dividing the distribution into a countable number of bins. likelihood of those outcomes are plotted in a continuous graph and called as probability density functions. example : severity distribution.
the measures of central density represents the best guess as to what the outcome will be.
Central Tendency : the single outcome that is the most representative of all possible outcomes included within a probability distribution. can be used to compare the characteristics of different probability distributions.
Expected Value : the weighted average of all the possible outcomes of a theoretical, continuous and discrete probability distribution. for continuous it can be done but more difficult
Mean : for empirical distribution the sum of the values in a data set divided by the number of values. helps to give best guess of number of future events o dollar amount
Median : the value at the midpoint of a sequential data set with an odd number of values, or the mean of the two middle values of a sequential data set with an even number of values. a probability distribution median has a cumulative probability of 50 percent.
helps in selecting lower limits for retention levels and upper limits of insurance coverage
Mode : the most frequently occurring value in a distribution. Outcome directly below the peak of probability density function. Helps insurance companies to focus on outcomes that are most common.
In a symmetrical or standard bell-shaped distribution, the mean and the median has the same value.
Many loss distributions are skewed, asymmetrical distributions are common for severity distributions where most losses are small but there is a small probability of a large loss occurring. In such cases the median is a better guess than the mean.
Dispersion : used for analyzing probability distribution, to assess the credibility of the measures of central tendency in analyzing loss exposures.
Less dispersion means less uncertainty, will means less risk is involved in the loss exposure.
Measures of Dispersion
- Standard Deviation
- Coefficient of variation
A measure of dispersion between the values in a distribution and the expected value (or mean) of that distribution, calculated by taking the square root of the variance.
Standard Deviation of theoretical probability distribution
- Calculate the distribution's expected value or mean
- Subtract the expected value from each distribution value to find the differences
- Square each of the resulting differences
- Multiple each square by the probability associated with the value
- Sum the resulting products
- find the square root of the sum
Standard Deviation of Individual Outcomes - mostly used by insurance professional to measure dispersion of potential outcomes
- calculate the mean of the outcomes ( the sum of the outcomes divided by the number of outcomes)
- subtract the mean from each of the outcomes
- square each of the resulting differences
- sum these squares
- divide the sum by the number of outcomes minus one( this value is called variance)
- calculate the square root of the variance.
Coefficient of Variation
a measure of dispersion calculated by dividing a distribution's standard deviation by its mean. It is useful in comparing the variability of distributions that have different shapes, means, or standard deviation. the higher the variability, within a distribution, the more difficult it is to accurately forecast an individual outcome.
Normal Distribution
a probability that, when graphed, generates a bell-shaped curve.
- 34.13 % of all outcomes are within one standard deviation above the mean
- 68.26 % of all outcomes are within one standard deviation above and below the mean
- 13.59 % of all outcomes are within one standard deviation and two standard deviation
- 95.44 % of all outcomes are within two standard deviation above and below the mean
- 99.74 % of all outcomes are within three standard deviation above and below the mean
- 2.15 % of all outcomes are within two standard deviation and three standard deviation or 4.30%
- 0.13 % are above three standard deviation or 0.26%
Using this analysis, risk management can select an appropriate probability that level of coverage or risk
Analyzing Loss Frequency, Loss Severity, total dollar Losses and timing helps insurance and risk management professionals develop loss projections, and, therefore also helps them prioritize loss exposures so that risk management resources are prioritized for those loss exposures.
- Loss Frequency - The number of losses that occur during a specific period.
- Loss Severity - The dollar amount of loss for a specific period
- Total Dollar Losses - The total dollar amount of losses for all occurrences during a specific period. or maximum possible loss (MPL) is the total value exposed to loss at any one location or from any one event.
- Timing - The points at which losses occur and loss payments are made
If any of these dimensions of loss exposure analysis involve empirical distributions developed from past losses, the credibility of the data being used needs to be determined. Data credibility of the data being used needs to be determined which is the level of confidence that available data are accurate indicators of future losses
In liability cases, the maximum possible loss is limited to defendant's personal wealth. therefore, some practical assumptions must be made about the MPL in liability cases to properly asses that loss exposure. Instead of focusing on the defendant's total wealth, a common assumption is that the maximum amount that would be exposed to liability loss 95 percent (or 98 percent) of the time in similar cases is the MPL.
To study and prioritize loss frequency and loss severity joint the Prouty Approach,identifies the below categories
Loss Frequency -
Almost nil - Extremely unlikely to happen, virtually no possibility
Slight - Could happen but has not happened
Moderate - Happens occasionally
Definite - Happens regularly
Loss Severity -
Slight - Organization can readily retain each loss exposure
Significant - Organization cannot retain the loss exposure, some part of which must be financed
Severe - Organization must finance virtually all of the loss exposure or endanger its survival
Loss frequency and loss severity tend to be inversely related. The more severe a loss tends to be, the less frequently it tends to occur. conversely, the more frequently a loss occurs to a given exposure, the less severe the loss tends to be.
Another to study loss frequency and severity is to combine both into a total claims distribution.
Expected Total Dollar Losses can be projected by multiplying expected loss frequency by expected loss severity, while worst-case scenarios can be calculated by assuming high frequency and the worst possible severity.
Chapter 3 - Risk Control
Risk control : A conscious act or decision not to act that reduces the frequency and severity of losses or makes losses more predictable.
Risk control techniques can be classified using these six broad categories :
- Avoidance
- Loss Prevention
- Loss Reduction
- Separation
- Duplication
- Diversification
Avoidance : A risk control technique that involves ceasing or never undertaking an activity so that the possibility of a future loss occurring from that activity is eliminated
The aim of avoidance is not just to reduce loss frequency, but also to eliminate any possibility of loss. Avoidance should be considered when the expected value of the losses from an activity outweighs the expected benefits of that activity.
Avoidance can be reactive and proactive, where reactive avoidance seeks to eliminate a loss exposure that already exists.
Complete avoidance is not the most common risk control technique and typically neither feasible not desirable. Especially if they are core functions to the company.
Loss Prevention : A risk control technique that reduces the frequency of a particular loss.
Generally a loss prevention measure is implemented before a loss occurs in order to break the sequence of events that leads to the loss.
Heinrich's domino theory related to work injuries : included a sequence of five dominoes of which if any one can be removed then the loss can be prevented.
These are
- social environment and ancestry
- the fault of person
- personal or mechanical hazards
- the accident
- the injury
Loss Reduction : A risk control technique reduces the severity of a particular loss. Some loss reduction measures can prevent losses are well as reduce them.
The two broad categories of loss reduction measures are pre-loss measures, applied before the loss occurs, and post-loss measures, applied after the loss occurs. The aim of pre-loss measures, is to reduce the amount or extent of property damaged and the number of people injured or the extent of injury from a single event.
Post Loss measures typically focus on emergency procedures, salvage operations, rehabilitation activities, public relaxations, or legal defenses to halt the spread or to counter the effects of loss.
Disaster Recovery Plan : is a specialized aspect of loss reduction, also called catastrophe recovery plan or contingency plan, is a plan for backup procedures, emergency response, and post-disaster recovery to ensure that critical resources are available to facilitate the continuity of operations in an emergency situation without which the organization could not functions. Disaster Recovery plans typically focus on loss property loss exposures and natural hazards, not on the broader array of risks and associated loss exposures that may also threaten an organization's survival.
Separation : A risk control technique that isolates loss exposures from one another to minimize the adverse effect of a single loss.
It is rarely undertaken by its own sake, but is usually a byproduct of another management decision. The intent of separation is to reduce the severity of an individual loss at a single location. However, by creating multiple location, separation more likely increases loss frequency.
Duplication : A risk control technique that uses backups, spares, or copies of critical property, information, or capabilities and keeps them in reserve.
Duplication differs from separation in that duplicates are not a part of an organization's daily working resources Duplication is only appropriate if an entire asset or activity is so important that the consequences of its loss justifies the expense and time of maintaining the duplicate. Like separation, duplicate can reduce an organization's dependence on a single asset, activity or person, making individual losses smaller by reducing the severity of a loss that may occur. Duplication is not as likely as separation to increase loss frequency because the duplicates unit is kept in reserve and is not as exposed to loss as is the primary unit.
Duplication is likely to reduce the average expected annual loss from a given loss exposure because it reduces loss severity without increasing loss frequency significantly. Similar to separation, duplication can also make losses more predictable by reducing the dispersion of potential losses.
One option is for an organization to contractually arrange for the acquisition of equipment or facilities in the event that a loss occurs.
Diversification : A risk control technique that spreads loss exposures over numerous projects, products, markets, or regions.
Organization engage in diversification of loss exposures when they provide a variety of products and services that are used by a range of customers
As with separation, diversification has the potential to increase loss frequency, but by spreading risk , diversification reduces loss severity and can make losses more predictable.
Risk Control Goals
- Implement effective and efficient risk control measures - pre-loss and post-loss goals. Some risk control measures will be more effective than others, effectiveness is based on both quantitative and qualitative standards.
- Comply with legal requirements : such as federal statute, and support pre-loss goal of legal liability, part of the cost of risk
- Promote life safety
- Ensures business continuity
thereby support risk management program and helping organization achieve its goals.
Several measures of comparison of effectiveness, one of them is cash-flow analysis. the major advantage of using cash flow analysis for selecting risk control measures is that it provides the same basis of comparison for all value-maximizing decision and thereby helps the organization achieve its value-maximization goal. It is also very useful for not-for-profit organizations that want to increase their efficiency by reducing unnecessary expenditures on risk control.
The disadvantage of cash flow analysis include the weakness of the assumptions that often must be made to conduct the analysis and the difficulty of accurately estimating future cash flows. Moreover cash flow analysis works on the assumption that the organization's only goal is to maximize its economic value and does not consider any of the non-financial goals or selection criteria.
Life Safety : The portion of fire safety that focuses on the minimum building design, construction, operation, and maintenance requirements necessary to assure occupants of a safe exit from the burning portion of the building. these standards are codified in the Life Safety Code published by the National Fire Protection Association (NFPA) and cover the risk control technique of avoidance, loss prevention, and loss control.
Business Continuity : Business Continuity is designed to meet both the primary risk management program post-loss goal of survival and post-loss goal of continuity of operations. Loss exposures and their associated losses vary widely by industry, location, and organization. Because each organization is unique in its potential losses, each must also be unique in its application of risk control measures to promote business continuity
Applications of Risk Control Technique
Applicable to each of the below exposure
- Property
- Liability
- Personnel
- Net Income
Property loss exposures are generally divided into two categories - tangible and non-tangible. The risk control techniques that are most applicable to property loss exposures vary based on the type of property as well as the cause of loss threatening the property.
insurance producers and underwriters commonly examine commercial property loss exposures based on construction, occupancy, protection, and external exposure (known by their acronym - COPE - Construction, Occupancy, Protection, External Exposure).
Liability losses basis can be legal actions that can be brought by torts, contracts, or statutes. Three risk control techniques can be used to control liability losses
- Avoid the activity that creates the liability loss exposures
- decrease the likelihood of the losses occurring (loss prevention)
- if a loss does occur, minimize its effect on the organization (loss reduction)
Loss Prevention and Loss Reduction are most commonly used.
The most common loss prevention measure is to control hazards (conditions that increase the loss frequency or severity).
After a liability loss has occurred, individuals and organizations can implement loss reduction measures to reduce the severity of the liability loss. Such measures can include these:
- Consulting with an attorney for guidance through the legal steps necessary to resolve liability claims.
- Property responding to the liability claim and to the claimant in order to avoid feelings of ill will that may increase the claimant's demands.
- Participation in alternative dispute resolution. Litigation is a long and costly process. Some forms of alternative dispute resolution, such as mediation or arbitration, often help to resolve liability claims more quickly and more economically than litigation.
Personnel Loss Exposures
Loss prevention measures used to control work-related injury and illnesses typically involve education, training, and safety measures. An organization may also attempt to prevent personnel causes of loss that occur outside workplace by controlling key employees' activities through employment contracts. alternatively organizations may see a form of separation, such as restricting the number of key employees who can travel on the same aircraft.
Although all organization must comply with federally mandated safety measures issued by OSHA (the Occupational Safety and Health Administration), additional training and safety precautions are often cost-effective.
Net Income Loss Exposures : All measures to above exposures indirectly control net income loss. In addition to reducing the immediate effect property,liability or personnel losses, risk control effects must also control long-term effects such as a loss of market share that can result from the net income loss. Two risk control measures aimed at reducing the severity of losses is duplication and separation. Diversification is a also a viable risk control technique.
Business Continuity Management
Initial focus was on IT but now business continuity management plans have been expanded to
- Property Losses
- IT Problems
- Human Feelings
- Loss of Utility services or infrastructure
- Reputation losses
- Human asset losses (personnel losses)
A systematic approach to developing and implementing a business continuity plan involves these six steps :
- Identify the organization's critical functions
- Identify the risks( threats) to the organization's critical functions
- Evaluate the effect of the risks on those critical functions
- Develop a business continuity strategy
- Develop a business continuity plan
- Monitor and revise the business continuity process
These steps are similar to risk management process and are designed to assess and control risks
The duration of interruption necessary to produce a substantial effect depends on the function. It can help to minimize the scope of threats that can cause its demise.
A Business Continuity plan details the activities the organizations will take in response to an incident that interrupts its operations. The plan should be designed with the understanding that it is going to be used during a crisis; that is, it should be clear and able to be quickly reach and understood. It also provides a framework for organizations to develop a systematic response to a variety of risks that could be potentially threaten the future viability of the organization..
business continuity management and risk control are aimed at enabling an individual or organization to not only deal with hazards and loss exposures, but deal with them in the most efficient and cost-effective way in order to reduce the exposures to, and cost of, risk.
Chapter 4 : Risk Financing
Insurance and Risk management professionals seek to first understand the risk financing goals the individual or organization is trying to achieve.
Risk Management program goals are designed to support an individual or organization's overall goals. Because risk financing is an integral part of risk management program, risk financing goals should support risk management program goals.
Pay for Losses
Individuals and organizations need to ensure that funds are available to pay for losses when they occur. The availability of funds is particularly important in situations that disrupt normal activities. Paying for losses is also important, is for liability and to promote public relations also.
For many individuals and organizations, paying for losses does not equal to paying for the actual losses or portions of loss retained, it also covers transfer costs, which are costs paid in order to transfer responsibility for losses to another party (insurer). For financial risks, transfer costs could be the price of buying options to hedge the costs associated with currency exchange rate risk. For hazard risks, transfer costs are often insurance premium.
Risk Financing measure should be effective (pay for losses that do occur) as well as efficient (pay for losses in the most economical way).
