Uncertainty – types of Risks: Market Risk, Credit Risk, Operational Risk, interest risk, business risk, systematicrisk - Classifying pure risks – methods of handling pure risks – risk ma
Trang 1Risk and Insurance Management
MBA Second Year (Financial Management)
School of Distance Education Bharathiar University, Coimbatore - 641 046
Trang 2Author: B Murali Krishna, Pavan Kumar Copyright © 2008, Bharathiar University
All Rights Reserved
Produced and Printed
by
EXCEL BOOKS PRIVATE LIMITED
A-45, Naraina, Phase-I, New Delhi-110028
for
SCHOOL OF DISTANCE EDUCATION
Bharathiar University
Coimbatore-641046
Trang 3UNIT III Lesson 5 Growth & Development of Indian Insurance Industry 65
UNIT IV
UNIT V
CONTENTS
Trang 4RISK AND INSURANCE MANAGEMENT
SYLLABUS
UNIT I
Introduction to risk management: The Concept of Risk – Risk Vs Uncertainty – types
of Risks: Market Risk, Credit Risk, Operational Risk, interest risk, business risk, systematicrisk - Classifying pure risks – methods of handling pure risks – risk management process– Risk financing techniques – Risk management objectives – Risk ManagementInformation System (RMIS) – Risk Control
UNIT II
Risk Management by Individuals: Factors effecting individual demands for insurance –Risk Management by Corporations: Corporate Risk Management Process – Types ofRisk Managing firms
UNIT III
Growth & Development of Indian Insurance Industry – Regulations of Insurance Businessand The Emerging Scenario – Introduction to Life & General Insurance – Life Insurance:Features of Life Insurance – Essentials of Life Insurance Contract – Kinds of InsurancePolicies – Premium determination – Life Policy Conditions
UNIT IV
Fire Insurance: Fire Insurance Contracts – Fire Insurance Coverage – Policies for stocks– Rate Fixation in Fire Insurance – Settlement of Claims Marine Insurance: MarineInsurance Contract – Types of Marine Insurance – Marine Cargo Losses and Frauds –Settlement of claims
UNIT V
Miscellaneous Insurance: Motor Insurance – Employer’s Liability Insurance – PersonalAccident and sickness Insurance – Aviation Insurance – Burglary Insurance – FidelityGuarantee Insurance – Engineering Insurance – Cattle Insurance – Crop Insurance
Trang 55 Risk
UNIT I
Trang 66
Risk and
Insurance Management
Trang 77 Risk
LESSON
1
RISK
CONTENTS
1.0 Aims and Objectives
1.1 Introduction: Historical Background
1.2 Meaning and Definitions of Risk
1.8.1 Types of Pure Risks
1.9 Methods of Handling Risk
1.10 Risk Management Process
1.10.1 Steps in Risk Management Process
1.11 Potential Risk Treatments
Trang 88
Risk and
Insurance Management 1.0 AIMS AND OBJECTIVES
After studying this lesson, you should be able to:
z Know the concept of risk
z Study the various types of risk
z Know the methods of handling risk
z Know the process of risk management
1.1 INTRODUCTION: HISTORICAL BACKGROUND
Scenario analysis matured during Cold War confrontations between major powers, notably the U.S and the USSR It became widespread in insurance circles in the 1970s when major oil tanker disasters forced a more comprehensive foresight The scientific approach to risk entered finance in the 1980s when financial derivatives proliferated It reached general professions in the 1990s when the power of personal computing allowed for widespread data collection and numbers crunching
Governments are apparently only now learning to use sophisticated risk methods, most obviously to set standards for environmental regulation, e.g "pathway analysis"
as practiced by the United States Environmental Protection Agency
1.2 MEANING AND DEFINITIONS OF RISK
Risk is a concept that denotes a potential negative impact to some characteristic of value that may arise from a future event Exposure to the consequences of uncertainty constitutes a risk In everyday usage, risk is often used synonymously with the probability of a known loss
Risk communication and risk perception are essential factors for all human decision making
There are many definitions of risk that vary by specific application and situational context Risk is described both qualitatively and quantitatively
Qualitatively, risk is proportional to both the expected losses which may be caused by
an event and to the probability of this event Greater loss and greater event likelihood result in a greater overall risk
Frequently in the subject matter literature, risk is defined in pseudo-formal forms where the components of the definition are vague and ill-defined, for example, risk is considered as an indicator of threat, or depends on threats, vulnerability, impact and uncertainty
In engineering, the definition of risk is:
Measuring engineering risk is often difficult, especially in potentially dangerous industries such as nuclear energy Often, the probability of a negative event is estimated by using the frequency of past similar events or by event-tree methods, but probabilities for rare failures may be difficult to estimate if an event tree cannot be formulated Methods to calculate the cost of the loss of human life vary depending on the purpose of the calculation Specific methods include what people are willing to pay to insure against death, and radiological release (e.g., GBq of radio-iodine) There are many formal methods used to assess or to "measure" risk, considered as one of the critical indicators important for human decision making
Financial risk is often defined as the unexpected variability or volatility of returns and thus includes both potential worse-than-expected as well as better-than-expected returns References to negative risk below should be read as applying to positive
Trang 99 Risk
impacts or opportunity (e.g., for "loss" read "loss or gain") unless the context
precludes
In statistics, risk is often mapped to the probability of some event which is seen as
undesirable Usually, the probability of that event and some assessment of its expected
harm must be combined into a believable scenario (an outcome), which combines the
set of risk, regret and reward probabilities into an expected value for that outcome
Thus, in statistical decision theory, the risk function of an estimator δ(x) for a
parameter θ, calculated from some observables x, is defined as the expectation value
of the loss function L,
In information security, a risk is defined as a function of three variables:
z The probability that there is a threat
z The probability that there are any vulnerabilities
z The potential impact
If any of these variables approaches zero, the overall risk approaches zero
The management of actuarial risk is called risk management
1.3 RISK VS UNCERTAINTY
In his seminar work Risk, Uncertainty, and Profit, Frank Knight (1921) established the
distinction between risk and uncertainty
“ Uncertainty must be taken in a sense radically distinct from the familiar notion of
Risk, from which it has never been properly separated The term "risk," as loosely
used in everyday speech and in economic discussion, really covers two things which,
functionally at least, in their causal relations to the phenomena of economic
organization, are categorically different The essential fact is that "risk" means in
some cases a quantity susceptible of measurement, while at other times it is something
distinctly not of this character; and there are far-reaching and crucial differences in the
bearings of the phenomenon depending on which of the two is really present and
operating It will appear that a measurable uncertainty, or "risk" proper, as we shall
use the term, is so far different from an unmeasurable one that it is not in effect an
uncertainty at all We accordingly restrict the term "uncertainty" to cases of the
non-quantitive type.”
A solution to this ambiguity is proposed in "How to Measure Anything: Finding the
Value of Intangibles in Business" by Doug Hubbard
Uncertainty: The lack of complete certainty, that is, the existence of more than one
possibility The "true" outcome/state/result/value is not known
Measurement of Uncertainty: A set of probabilities assigned to a set of possibilities
Example: "There is a 60% chance this market will double in five years"
1.4 OPERATIONAL RISK
The risks are evaluated using fault free/event free techniques Where these risks are
low, they are normally considered to be "Broadly Acceptable" A higher level of risk
(typically up to 10 to 100 times what is considered Broadly Acceptable) has to be
justified against the costs of reducing it further and the possible benefits that make it
tolerable—these risks are described as "Tolerable if ALARP" Risks beyond this level
are classified as "Intolerable"
The level of risk deemed Broadly Acceptable has been considered by regulatory
bodies in various countries—an early attempt by UK government regulator and
academic F R Farmer used the example of hill-walking and similar activities which
Trang 10so-(PRA) (or Probabilistic Safety Assessment, PSA)
The quantifiable likelihood of loss or less-than-expected returns, for example: currency risk, inflation risk, principal risk, country risk, economic risk, mortgage risk, liquidity risk, market risk, opportunity risk, income risk, interest rate risk, prepayment risk, credit risk, unsystematic risk, call risk, business risk, counterparty risk, purchasing-power risk, event risk
1.5 INTEREST RATE RISK
The possibility of a reduction in the value of a security, especially a bond, resulting from a rise in interest rates This risk can be reduced by diversifying the durations of the fixed-income investments that are held at a given time
Prepayment risk Definition: The possibility that homeowners will pay off their
mortgage loans early, such as when interest rates fall and they decide to refinance
It is the variation in the single period rates of return caused by the fluctuations in the market interest rate Most commonly interest rate risk affects the price of bonds, debentures and stocks The fluctuations in the interest rates are caused by the changes
in the government monetary policy and the changes that occur in the interest rates of treasury bills and the government bonds, the bonds issued by the government and quasi government are considered to be risk free If higher interest rates are offered, investor would like to switch his investments from private sector bonds to public sector bonds If the government to tide over the deficit in the budget floats a new loan
of a higher rate of interest, there would be a definite shift in the funds from low yielding bonds to the high yielding bonds and from stocks to bonds
If stock market is in depressed condition, investors would like to shift their money to the bond market to have an assured rate of return
The rise or fall in the interest rate affects the cost of borrowing When the call money market rate changes, it affects the badla rate too Most of the stock traders trade in the stock market with the borrowed funds The increase in the cost of margin affects the profitability of the traders This would dampen the spirit of the speculative traders who use the borrowed funds The fall in the demand for securities would lead to a fall
in the value of stock index
Interest rates not only affect the security traders but also the corporate bodies who carry their business with borrowed funds The cost of borrowing would increase and a heavy outflow of profit would take place in the form of interest of the capital borrowed This would lead to a reduction in earnings per share and a consequent fall
in the price of share
Check Your Progress 1
1 Define business risk
Trang 1111 Risk
1.6 CREDIT RISK
The possibility that a bond issuer will default, by failing to repay principal and interest
in a timely manner Bonds issued by the federal government, for the most part, are
immune from default (if the government needs money it can just print more) Bonds
issued by corporations are more likely to be defaulted on, since companies often go
bankrupt Municipalities occasionally default as well, although it is much less
common and is also called default risk
1.7 BUSINESS RISK
Risk associated with the unique circumstances of a particular company, as they might
affect the price of that company's securities
Risk is the possibility of loss or injury It consists of two components the systematic
risk and unsystematic risk The systematic risk is caused by factors external to the
particular company and uncontrollable by the company the systematic risk affects the
market as a whole In case of unsystematic risk the factors are specific, unique ad
related to the particular industry or company
1.7.1 Systematic risk
The systematic risk affects the entire market Often we hear that stock market is bear
hug or in bull grip This indicates that the entire market is moving in particular
direction either downward or upward The economic conditions, political situations
and the sociological changes affect the security market There are factors which are
beyond the control of corporate and investor They cannot be entirely avoided by the
investor It drives home the point that the systematic risk is unavoidable The
systematic risk is further sub divided into
z Market risk
z Interest rate risk
z Purchasing power risk
Market risk
It is defined as that portion of total variability of return caused by the alternating
forces of bull and bear market When the security index moves upward haltingly for a
significant period of time it is known as bull market In bull market the index moves
from a low level to the peak Bear market is just a reverse to the bull market
The forces that affect the stock market are tangible and intangible events The tangible
events are real events such as earthquake, war, political uncertainty and fall in the
value of currency
Intangible events are related to market psychology The market psychology is affected
by the real events But reactions to the tangible events become over reactions and they
push the market in a particular direction
Any untoward political or economic event would lead to a fall in the price of the
security which would be further accentuated by the over reactions and the herd like
behavior of the investors If some institutions start disposing stocks the fear grips in
and spreads to other investors This results in a rush to sell the stocks This type of
over reaction affects the market adversely and the prices of the scrip fall below their
intrinsic values This is beyond the control of the corporate
Purchasing power risk
Variations in the returns are caused also by the loss of purchasing power of currency
Inflation is reason behind the loss of purchasing power The level of inflation
Trang 12Inflation may be demand pull or cost push inflation In demand pull inflation the demand for goods and services are in excess of their supply At full employment level
of factors of production, the economy would not be able to supply more goods in the short run and the demand for products pushes the price upward
The cost push inflation as the name itself indicates that the inflation or the rise in rice
is caused by the increase in the cost The increase in the cost of raw material, labor and equipment makes the cost of production high and ends in high price level The cost push inflation has a spiraling effect on price level
is reflected on the operating income and expected dividends The variation in expected operating income indicates the business risk Business risk is further divided into external business risk and internal business risk
A Internal business Risk
It is associated with the operational efficiency of the firm The operational efficiency
of operation is reflected on the company’s achievement of its pre set goals and the fulfillment of the promises to its investors
z Fluctuations in the sales: The sales level has to be maintained It is common in
business to lose customers abruptly because of competition Loss of customers will lead to a loss in operational income Hence the company has to build a wide customer base through various distribution channels Diversified sales force any help to tide over this problem
z Research and Development: Sometimes the product may go out of style or
become obsolescent It is the management, who has to overcome the problem of obsolescence by concentrating on the in house research and development program
z Personnel Management: The personnel management of the company also
contributes to the operational efficiency of the firm Frequent strikes and lock outs result in loss of production and high fixed capital cost The labor productivity also would suffer The risk of labor management is present in all the firms It is up to the company to solve the problems at the table level and provide adequate
Trang 1313 Risk
incentives to encourage the increase in labor productivity Encouragement given
to the laborers at the floor level would boost morale of the labor force and leads to
higher productivity and less wastage of raw materials and time
z Fixed Cost: The cost components also generate internal risk if the fixed cost is
higher in the cost component During the period of recession or low demand for
product the company cannot reduce the fixed cost At the same time in the boom
period also the fixed factor cannot vary immediately The high fixed cost
component in a firm would become a burden to the firm The fixed cost
component has to be kept always in a reasonable size so that it may not affect the
profitability of the company
z Single Product: The internal business risk is higher in case of firm producing a
single product The fall in demand for a single product would be fatal for the firm
Hence the company has to diversify the products if it has to face the competition
and the business cycle successfully
B External Risk
It is the result of operating conditions imposed on the firm by circumstances beyond
its control The external environments in which it operates exert some pressure on the
firm The external factors are:
z Social and regulatory factors
z Monetary and fiscal policies of the government
z Business cycle and general economic environment within which a firm operates
z Social and regulatory factors: Harsh regulatory climate and legislation against
the environmental degradation may impair the profitability of the industry Price
control, volume control, import export control and environment control reduce the
profitability of the firm This risk is more in industries related to public utility
sectors such as telecom, banking and transportation
z Political risk: It arises out of the change in government policy With a change in
the ruling party, the policy also changes Political risk arises mainly in the case of
foreign investment The host government may change its rules and regulations
regarding the foreign investment
z Business cycle: The fluctuations of the business cycle lead to fluctuations in the
earnings of the company Recession in the economy leads to a drop in the output
of many industries Steel and white consumer goods industries tend to move in
tandem with the business cycle During the boom period there would be hectic
demand for steel products ad white consumer goods But at the same time, they
would be hit much during recession period This risk factor is external to the
corporate bodies and they may not be able to control it
Financial Risk
It refers to the variability of the income to the equity capital due to the debt capital
Financial risk in a company is associated with the capital structure of the company
Capital structure of the company consists of equity funds and borrowed funds The
presence of debt and preference capital results in a commitment of paying interest or
prefixed rate of dividend The residual income alone would be available to the equity
holders The interest payment affects the payments that are due to the equity investors
The debt financing increases the variability of the returns to the common stock holders
and affects their expectations regarding the return The use of debt with the owned
funds to increase the return to the shareholders is known as financial leverage
Trang 1414
Risk and
Insurance Management 1.8 PURE RISK
A pure risk is one in which there are only the possibilities of loss or no loss (earthquake) A category of risk in which loss is the only possible outcome; there is no beneficial result Pure risk is related to events that are beyond the risk-taker's control and, therefore, a person cannot consciously take on pure risk This is the opposite of speculative risk
For example, the possibility that a person's house will be destroyed due to a natural disaster is pure risk In this example, it is unlikely that there would be any potential benefit to this risk
There are products that can be purchased to mitigate pure risk For example, home insurance can be used to protect homeowners from the risk that their homes will be destroyed
Other examples of pure risk events include premature death, identity theft and ending disabilities
career-Situation where there is a chance of either loss or no loss, but no chance of gain; for example either a building will burn down or it won't Only pure risks are insurable
because otherwise (where the chance of the occurrence of a loss is determinable)
insurance is akin to betting and the insured may stand to gain from it—a situation
contrary to the most fundamental concept of insurance Also called absolute risk
1.8.1 Types of Pure Risks
z Personal risks involve the possibility of a loss or reduction in income, extra expenses or depletion of financial assets:
Premature death of family head
Insufficient income during retirement
Most workers are not saving enough for a comfortable retirement
Poor health (catastrophic medical bills and loss of earned income)
z Direct loss vs indirect loss:
A direct loss is a financial loss that results from the physical damage, destruction, or theft of the property, such as fire damage to a restaurant
An indirect loss results indirectly from the occurrence of a direct physical damage or theft loss, such as lost profits due to inability to operate after a fire
z Liability risks involve the possibility of being held liable for bodily injury or property damage to someone else:
There is no maximum upper limit with respect to the amount of the loss
A lien can be placed on your income and financial assets
Defence costs can be enormous
1.9 METHODS OF HANDLING RISK
Because risk is the possibility of a loss, people, organizations, and society usually try
to avoid risk, or, if not avoidable, then to manage it somehow There are 5 major methods of handling risk: avoidance, loss control, retention, non-insurance transfers, and insurance
Trang 1515 Risk
1.9.1 Avoidance
Avoidance is the elimination of risk You can avoid the risk of a loss in the stock
market by not buying or shorting stocks; the risk of a venereal disease can be avoided
by not having sex, or the risk of divorce, by not marrying; the risk of having car
trouble by not having a car Many manufacturers avoid legal risk by not
manufacturing particular products
Of course, not all risks can be avoided Notable in this category is the risk of death
But even where it can be avoided, it is often not desirable By avoiding risk, you may
be avoiding many pleasures of life, or the potential profits that result from taking
risks Those who minimize risks by avoiding activities are usually bored with their life
and don’t make much money Virtually any activity involves some risk Where
avoidance is not possible or desirable, loss control is the next best thing
1.9.2 Loss Control
Loss control works by either loss prevention, which involves reducing the probability
of risk, or loss reduction, which minimizes the loss
Losses can be prevented by identifying the factors that increase the likelihood of a
loss, then either eliminating the factor or minimizing its effect For instance, speed
and driving drunk greatly increase auto accidents Not driving after drinking alcohol is
a method of loss prevention that reduces the probability of an accident Driving slower
is an example of both loss prevention and loss reduction, since it both reduces the
probability of an accident and, if an accident does occur, it reduces the magnitude of
the losses, since slower speeds yield less damage
Most businesses actively control losses because it is a cost-effective way to prevent
losses from accidents and damage to property, and generally becomes more effective
the longer the business has been operating
1.9.3 Retention
Risk retention, as active retention or risk assumption, is handling the unavoidable or
unavoided risk internally, either because insurance cannot be purchased for the risk,
because it costs too much, or because it is much more cost-effective
Usually, retained risks occur with greater frequency, but have a low severity An
insurance deductible is a common example of risk retention to save money, since a
deductible is a limited risk that can save money on insurance premiums for larger
risks Businesses actively retain many risks—self-insurance—because of the cost or
unavailability of commercial insurance
Passive risk retention is retaining risk because the risk is unknown or because the risk
taker either does not know the risk or considers it a lesser risk than it actually is For
instance, smoking cigarettes can be considered a form of passive risk retention, since
many people smoke without knowing the many risks of disease, and, of the risks they
do know, they don’t think it will happen to them Another example is speeding Many
people think they can handle speed, and that, therefore, there is no risk
However, there is always greater risk to speeding, since it always takes longer to stop,
and, in a collision, higher speeds will always result in more damage or risk of serious
injury or death, because higher speeds have greater kinetic energy that will be
transferred in a collision as damage or injury Since no driver can possibly foresee
every possible event, there will be events that will happen that will be much easier to
handle at slower speeds than at higher speeds For instance, if someone fails to stop at
an intersection just as you are driving through, then, at slower speeds, there is
obviously a greater chance of avoiding a collision, or, if there is a collision, there will
be less damage or injury than would result from a higher speed collision
Trang 16Investors can reduce their liability risk in a business by forming a corporation or a limited liability company This prevents the extension of the company’s liabilities to its investors
1.9.5 Insurance
Insurance is another major method that most people, businesses, and other organizations can use to transfer pure risks by paying a premium to an insurance company in exchange for a payment of a possible large loss By using the law of large numbers, an insurance company can estimate fairly reliably the amount of loss for a given number of customers within a specific time An insurance company can pay for losses because it pools and invests the premiums of many subscribers to pay the few who will have significant losses Not every pure risk is insurable by private insurance companies Events which are unpredictable and that could cause extensive damage, such as earthquakes, are not insured by private insurers Nor are most speculative risks—risks taken in the hope of making a profit
1.10 RISK MANAGEMENT PROCESS
In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order
In practice the process can be very difficult, and balancing between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled
Intangible risk management identifies a new type of risk - a risk that has a 100% probability of occurring but is ignored by the organization due to a lack of identification ability For example, when deficient knowledge is applied to a situation,
a knowledge risk materializes Relationship risk appears when ineffective collaboration occurs Process-engagement risk may be an issue when ineffective operational procedures are applied These risks directly reduce the productivity of knowledge workers, decrease cost effectiveness, profitability, service, quality, reputation, brand value, and earnings quality Intangible risk management allows risk management to create immediate value from the identification and reduction of risks that reduce productivity
Risk management also faces difficulties allocating resources This is the idea of opportunity cost Resources spent on risk management could have been spent on more profitable activities Again, ideal risk management minimizes spending while maximizing the reduction of the negative effects of risks
Trang 1717 Risk
1.10.1 Steps in the Risk Management Process
Establish the context
Establishing the context involves:
z Identification of risk in a selected domain of interest
z Planning the remainder of the process
z Mapping out the following:
z The social scope of risk management
z The identity and objectives of stakeholders
z The basis upon which risks will be evaluated, constraints
z Defining a framework for the activity and an agenda for identification
z Developing an analysis of risks involved in the process
z Mitigation of risks using available technological, human and organizational
resources
Identification
After establishing the context, the next step in the process of managing risk is to
identify potential risks Risks are about events that, when triggered, cause problems
Hence, risk identification can start with the source of problems, or with the problem
itself
Source analysis: Risk sources may be internal or external to the system that is the
target of risk management Examples of risk sources are: stakeholders of a project,
employees of a company or the weather over an airport
Problem analysis: Risks are related to identify threats For example: the threat of
losing money, the threat of abuse of privacy information or the threat of accidents and
casualties The threats may exist with various entities, most important with
shareholders, customers and legislative bodies such as the government
When either source or problem is known, the events that a source may trigger or the
events that can lead to a problem can be investigated For example: stakeholders
withdrawing during a project may endanger funding of the project; privacy
information may be stolen by employees even within a closed network; lightning
striking a Boeing 747 during takeoff may make all people onboard immediate
casualties
The chosen method of identifying risks may depend on culture, industry practice and
compliance The identification methods are formed by templates or the development
of templates for identifying source, problem or event Common risk identification
methods are:
Objectives-based risk identification: Organizations and project teams have objectives
Any event that may endanger achieving an objective partly or completely is identified
as risk
Scenario-based risk identification: In scenario analysis different scenarios are
created The scenarios may be the alternative ways to achieve an objective, or an
analysis of the interaction of forces in, for example, a market or battle Any event that
triggers an undesired scenario alternative is identified as risk - see Futures Studies for
methodology used by Futurists
Taxonomy-based risk identification: The taxonomy in taxonomy-based risk
identification is a breakdown of possible risk sources Based on the taxonomy and
Trang 18Common-risk Checking: In several industries lists with known risks are available
Each risk in the list can be checked for application to a particular situation An example of known risks in the software industry is the Common Vulnerability and Exposures list found at http://cve.mitre.org
Risk Charting: This method combines the above approaches by listing Resources at
risk, Threats to those resources Modifying Factors which may increase or reduce the risk and Consequences it is wished to avoid Creating a matrix under these headings enables a variety of approaches One can begin with resources and consider the threats they are exposed to and the consequences of each Alternatively one can start with the threats and examine which resources they would affect, or one can begin with the consequences and determine which combination of threats and resources would be involved to bring them about
Assessment
Once risks have been identified, they must then be assessed as to their potential severity of loss and to the probability of occurrence These quantities can be either simple to measure, in the case of the value of a lost building, or impossible to know for sure in the case of the probability of an unlikely event occurring Therefore, in the assessment process it is critical to make the best educated guesses possible in order to properly prioritize the implementation of the risk management plan
The fundamental difficulty in risk assessment is determining the rate of occurrence since statistical information is not available on all kinds of past incidents Furthermore, evaluating the severity of the consequences (impact) is often quite difficult for immaterial assets Asset valuation is another question that needs to be addressed Thus, best educated opinions and available statistics are the primary sources of information Nevertheless, risk assessment should produce such information for the management of the organization that the primary risks are easy to understand and that the risk management decisions may be prioritized Thus, there have been several theories and attempts to quantify risks Numerous different risk formulae exist, but perhaps the most widely accepted formula for risk quantification is:
Rate of occurrence multiplied by the impact of the event equals risk
Later research has shown that the financial benefits of risk management are less dependent on the formula used but are more dependent on the frequency and how risk assessment is performed
In business it is imperative to be able to present the findings of risk assessments in financial terms Robert Courtney Jr (IBM, 1970) proposed a formula for presenting risks in financial terms The Courtney formula was accepted as the official risk analysis method for the US governmental agencies The formula proposes calculation
of ALE (annualised loss expectancy) and compares the expected loss value to the security control implementation costs (cost-benefit analysis)
1.11 POTENTIAL RISK TREATMENTS
Once risks have been identified and assessed, all techniques to manage the risk fall into one or more of these four major categories:
Trang 1919 Risk
Ideal use of these strategies may not be possible Some of them may involve trade-offs
that are not acceptable to the organization or person making the risk management
decisions Another source, from the US Department of Defense, Defense Acquisition
University, calls these categories ACAT, for Avoid, Control, Accept, or Transfer
This use of the ACAT acronym is reminiscent of another ACAT (for Acquisition
Category) used in US Defense industry procurements, in which Risk Management
figures prominently in decision making and planning
1.11.1 Risk Avoidance
Includes not performing an activity that could carry risk An example would be not
buying a property or business in order to not take on the liability that comes with it
Another would be not flying in order to not take the risk that the airplane was to be
hijacked Avoidance may seem the answer to all risks, but avoiding risks also means
losing out on the potential gain that accepting (retaining) the risk may have allowed
Not entering a business to avoid the risk of loss also avoids the possibility of earning
profits
1.11.2 Risk Reduction
Involves methods that reduce the severity of the loss or the likelihood of the loss from
occurring Examples include sprinklers designed to put out a fire to reduce the risk of
loss by fire This method may cause a greater loss by water damage and therefore may
not be suitable Halon fire suppression systems may mitigate that risk, but the cost
may be prohibitive as a strategy
Modern software development methodologies reduce risk by developing and
delivering software incrementally Early methodologies suffered from the fact that
they only delivered software in the final phase of development; any problems
encountered in earlier phases meant costly rework and often jeopardized the whole
project By developing in iterations, software projects can limit effort wasted to a
single iteration
Outsourcing could be an example of risk reduction if the outsourcer can demonstrate
higher capability at managing or reducing risks [2] In this case companies outsource
only some of their departmental needs For example, a company may outsource only
its software development, the manufacturing of hard goods, or customer support needs
to another company, while handling the business management itself This way, the
company can concentrate more on business development without having to worry as
much about the manufacturing process, managing the development team, or finding a
physical location for a call center
1.11.3 Risk Retention
Involves accepting the loss when it occurs True self insurance falls in this category
Risk retention is a viable strategy for small risks where the cost of insuring against the
risk would be greater over time than the total losses sustained All risks that are not
avoided or transferred are retained by default This includes risks that are so large or
catastrophic that they either cannot be insured against or the premiums would be
infeasible War is an example since most property and risks are not insured against
war, so the loss attributed by war is retained by the insured Also any amounts of
potential loss (risk) over the amount insured is retained risk This may also be
acceptable if the chance of a very large loss is small or if the cost to insure for greater
coverage amounts is so great it would hinder the goals of the organization too much
1.11.4 Risk Transfer
Means causing another party to accept the risk, typically by contract or by hedging
Insurance is one type of risk transfer that uses contracts Other times it may involve
Trang 20Some ways of managing risk fall into multiple categories Risk retention pools are technically retaining the risk for the group, but spreading it over the whole group involves transfer among individual members of the group This is different from traditional insurance, in that no premium is exchanged between members of the group
up front, but instead losses are assessed to all members of the group
Check your Progress 2
Fill up the blanks:
1 is a concept that denotes a potential negative impact to some characteristic of value that may arise from a future event
2 should propose applicable and effective security controls for managing the risks
3 Usually, retained risks occur with greater frequency, but have a low
4 is a method of reducing portfolio risk or some business risks involving future transactions
1.12 RISK MANAGEMENT PLAN
1.12.1 Creation
Select appropriate controls or counter measures to measure each risk Risk mitigation needs to be approved by the appropriate level of management For example, a risk concerning the image of the organization should have top management decision behind it whereas IT management would have the authority to decide on computer virus risks
The risk management plan should propose applicable and effective security controls for managing the risks For example, an observed high risk of computer viruses could
be mitigated by acquiring and implementing antivirus software A good risk management plan should contain a schedule for control implementation and responsible persons for those actions
According to ISO/IEC 27001, the stage immediately after completion of the Risk Assessment phase consists of preparing a Risk Treatment Plan, which should document the decisions about how each of the identified risks should be handled Mitigation of risks often means selection of Security Controls, which should be documented in a Statement of Applicability, which identifies which particular control objectives and controls from the standard have been selected, and why
1.12.2 Implementation
Follow all of the planned methods for mitigating the effect of the risks Purchase insurance policies for the risks that have been decided to be transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest
Trang 2121 Risk
1.12.3 Review and Evaluation of the Plan
Initial risk management plans will never be perfect Practice, experience, and actual
loss results will necessitate changes in the plan and contribute information to allow
possible different decisions to be made in dealing with the risks being faced
Risk analysis results and management plans should be updated periodically There are
two primary reasons for this:
z To evaluate whether the previously selected security controls are still applicable
and effective, and
z To evaluate the possible risk level changes in the business environment For
example, information risks are a good example of rapidly changing business
environment
1.13 LET US SUM UP
Risk is a concept that denotes a potential negative impact to some characteristics of
value that may arise from a future event Exposure to the consequences of uncertainty
constitutes a risk In everyday usage, risk is often used synonymously with the
probability of a known loss
Risk communication and risk perception are essential factors for all human decision
making
1.14 LESSON END ACTIVITY
Analyse the various types of risks and discuss the methods of handling them
1.15 KEYWORDS
Risk retention: Involves accepting the loss when it occurs
Risk transfer: Means causing another party to accept the risk, typically by contract or
by hedging
1.16 QUESTIONS FOR DISCUSSION
1 Briefly explain the concept of risk with definitions
2 What are the different types of risk?
3 Distinguish between Risk and Un-certainty
Check your Progress : Model Answers
CYP 1
1 Business risk is the risk associated with the unique circumstances of a
particular company, as it might affect the price of that company’s
securities
2 Credit risk includes the possibility that a bond issuer will default, by
failing to repay principal and interest in a timely manner Bonds issued by
corporations are more likely to be defaulted on, since companies often go
bankrupt
CYP 2
1 Risk 2 The risk management plan
3 severity 4 Hedging
Trang 2222
Risk and
Dr P.K Gupta, Insurance and Risk Management, 1st edition, Himalaya Publishing House
Dr P.K Gupta, Fundamental of Insurance, 1st edition, Himalaya Publishing House
C Gopala Krishnan, Insurance Principles & Practice, Sterling Publishers Pvt Ltd.,
New Delhi
George G.R Lucas, Ralph H Wherry, Insurance, Principles and Coverage, U.S.A
Prof K.S N Murthy and K.V.S Sarma, Modern Law of Insurance in India, N.M Tripathi
Pvt Ltd., Mumbai
P.S Palande, R.S Shah, M L Lunawat, Insurance in India, Sage Publications, New Delhi
Trang 2323 Risk Management
2.3 Risk Financing Techniques
2.3.1 Alternatives to Insurance Companies
2.3.2 Alternatives to Insurance Products
2.4 Objective of Risk Management
2.5 Areas of Risk Management
2.5.1 Enterprise Risk Management
2.6 Risk Management Activities as Applied to Project Management
2.7 Risk Management and Business Continuity
2.8 Risk Management Information Systems
2.8.1 Risk Management Research Programme
2.8.2 Common Types of RMIS
2.8.3 Key Vendor Attributes and Differences
2.8.4 Average RMIS Costs and RMIS Market Drivers
2.9 Risk Management Agency
2.10 Risk Control
2.11 Risk control Authorities
2.11.1 Risk Management Authority
2.11.2 Environmental Risk Management Authority
2.0 AIMS AND OBJECTIVES
After studying this lesson, you should be able to:
z Study the concept of Risk Management
z Know the Various types of Techniques of risk management
z Know the objective of risk management
z Know the concept of risk management information system
Trang 24z Risk identification and assessment
z Risk control
z Risk financing Typically, RMIS facilitates the consolidation of insurance related information, such as claims from multiple sources, property values, policy information, and exposure information, into one system Often, Risk Management Information Services/Systems (RMIS) applies primarily to “casualty” claims/loss data systems Such casualty coverage’s include Auto Liability, Auto Physical Damage, Workers' Compensation, General Liability and Products Liability
RMIS products are designed to provide their insured organizations and their brokers with basic policy and claim information via electronic access, and most recently, via the Internet This information is essential for managing individual claims, identifying trends, marketing an insurance program, loss forecasting, actuarial studies and internal loss data communication within a client organization They may also provide the tracking and management reporting capabilities to enable one to monitor and control overall cost of risk in an efficient and cost-effective manner
In the context of the acronym RMIS, the word “risk” pertains to an insured or insured organization This is important because prior to the advent of RMIS, insurance company loss information reporting typically organized loss data around insurance policy numbers The historical focus on insurance policies detracted from a clear, coherent and consolidated picture of a single customer's loss experience The advent
self-of RMIS in the 1980s was a breakthrough step in the insurance industry's evolution toward persistent and focused understanding of their end-customer needs Typically, the best solution for your organization depends on whether it is enhancing an existing RMIS system, ensuring the highest level of data quality, or designing and implementing a new system while maintaining a focus on state-of-the-art technology
Risk management is very important to all the companies throughout the whole world because of the fact that the companies have to face troubles in different fields The prioritizing of all the risks is one of the main things that have to be taken care of Among all the risks that are parts of the whole running methods of the companies some are critical and they should be taken to the priority at the very first hand Otherwise the company may fall into irreparable trouble
Risk management information systems is known as per in the short term as RMIS All the companies throughout the whole world maintain web sites that are needed to update the risk management groups about the concerned company's past These records of the past are very important to all the members of the companies and these
Trang 2525 Risk Management
are the main things that make them able to take all the precautions so that the same
problems cannot happen in the coming future
Today, we are living in the world of information technology (IT) So, all the
companies across the globe have taken drastic steps to maintain all the required data
that will give a clear chronicles of each and every incident that have taken place in the
company Large companies have their huge websites and these sites are the most
useful ones in the field of business They will also provide anyone with authentic
information about all the projects that the company has undertaken in the past years
That is why the company gets courage in taking up the newer projects in the coming
days
Risk financing is an important of the whole business of the risk management system
That is why risk management information systems make the company able to judge
the budget that they should make for the future preparation Risk identification is also
possible because of the information services All the data that are available in the sites
give us the authentic information about the company's financial growth and the risks
that were handled in the past days It is said that learnings from the past incidents are
necessary to trade the paths of future and this is the main ideology behind all the risk
management information systems The information systems are maintained by many
software companies and sometimes by the company itself Thousands of employees
are related to do the service of data entry in the sites and they have to be very honest
in this case
2.3 RISK FINANCING TECHNIQUES
Risk financing techniques encompass all the ways of generating funds to pay for
losses that risk control techniques do not entirely stop from happening Risk
financing techniques can be classified into two groups, retention and transfer Most
businesses generally use a combination of the two types of risk financing techniques
z Retention includes all means of generating funds from within to pay for losses In
order of increasing administrative complexity, the retention options open to any
private business organization are (1) current expensing of losses; (2) using an
unfunded loss reserve (an accounting entry denoting a potential liability to pay for
a loss); (3) using a funded loss reserve (a reserve backed by earmarked funds set
aside within the organization); (4) borrowing funds to pay for losses; and
(5) insuring through an affiliated “captive” insurer
z Transfer includes all means of generating funds from outside organizations to pay
for losses The two risk financing techniques through which one organization can
transfer the financial burden of losses to another are (1) insurance purchased from
an outside, unaffiliated insurer (usually called “commercial insurance”) and
(2) non-insurance transfers (to a transferee other than an insurance company
through a type of agreement often called a “hold harmless agreement”)
Once the appropriate techniques are agreed upon, individuals responsible for
completing each course of action are identified and assigned Finally, time frames are
established for starting and completing the actions required
The result is a strategic risk management plan which allows you to move forward in
implementing the programs necessary to address the risks faced by your company
Sparked by a wave of natural disasters and terrorist attacks, the costs of traditional
insurance have risen significantly Businesses are therefore now seeking alternative
ways to cover their high-impact risks outline the benefits of a variety of alternative
risk financing techniques
Businesses typically purchase insurance policies to mitigate risk In the past five to ten
years, however, businesses beset by higher premiums or by the inability of insurance
Trang 26In addition, recent corporate scandals led to the passage of the Sarbanes-Oxley Act of
2002, which requires chief executive officers and chief financial officers of publicly traded companies to certify that their companies have adequate internal controls This statutory requirement has in turned convinced many companies of the value of a strategic, business- wide approach to risk management and has also led to the elimination of the traditional barriers between a company’s treasury and insurance-buying operations
These trends have prompted business executives to seek out other risk mitigation options, such as alternative risk financing A September 2006 report by Conning Research & Consulting found that alternative market mechanisms now cover about 30% of the US commercial insurance market, while traditional insurance companies cover the remaining 70% In this article, we will examine a variety of different alternative risk financing techniques and products that companies now use to mitigate
or transfer risk outside of the traditional insurance-based model
2.3.1 Alternatives to Insurance Companies
Alternative risk financing products can be divided roughly into two principal categories: alternatives to insurance companies and alternatives to insurance products
In this section, we will identify different types of risk financing alternatives to insurance companies and we will explain their benefits
Examples of alternatives to insurance companies include self-insurance, insurance pools, captive insurers and risk retention groups
Self-insurance is one of the oldest alternatives to insurance companies and remains
one of the most popular The term is self-explanatory: rather than purchase an insurance policy, a company will elect to retain an eligible risk while designating an amount of money calculated to compensate for the potential future loss Self-insurance typically provides the first layer of coverage, and a policy is purchased from the commercial insurance market to cover losses in excess of the self-insurance
Following the 9/11 terrorist attacks, coverage for certain risks became much more difficult to acquire and was only available at substantially increased costs For example, airline insurers immediately increased premiums and cut their coverage for third-party war and terrorism liabilities to a maximum of $50 million per airline, per
"event." Workers’ compensation carriers began to look very carefully at catastrophic exposures, especially in locations with more than 250 employees And some life insurance reinsurers exited the market entirely
As a result of these developments, many companies have increased the amount of risk that they self-insure For instance, coverage for catastrophic losses might be secured
by designating a $75 million-a-year self-insured retention and by combining this
Trang 2727 Risk Management
retention with traditional insurance; this strategy would provide coverage in excess of
the retention amount at greatly reduced premiums
Insurance pools, or self-insurance groups, are an extension of self-insurance and are
employed by companies to underwrite their collective exposure to workers’
compensation claims and similar high-occurrence, low-cost risks These groups tend
to be comprised of companies with similar risk profiles (either by type of industry or
by geography or both), because each member of a pool shares the profits and losses of
the pool through a so-called joint and several liability arrangement Members
contribute premiums to a fund, the proceeds of which are invested and paid out for
claims and administrative expenses Surplus funds may, at the members’ discretion,
be repaid by members or reinvested in the fund
A November 2004 study of 16 self-insurance pools rated by A.M Best found that the
pools compared favorably to traditional insurance The report found that
self-insurance pools, compared to an index of commercial casualty insurers, had a
five-year average investment yield of 4.9% versus 5.3% for the commercial casualty index,
a five-year average return on equity of 12.2% versus 3.1% for the commercial
casualty index and a five-year average underwriting expense ratio (i.e., the percentage
of premiums used to pay underwriting expenses) of 23.6 versus 28.0 for the
commercial casualty index
A captive insurer is, in general terms, a licensed insurance company established by a
non-insurance parent company to insure the risks of the parent company, its affiliates
or other entities doing business closely with the parent company Captives are
considered to have a number of advantages over traditional insurance coverage
Companies utilizing captives enjoy cash flow benefits from lower insurance costs and
retention within the corporate group of premiums and investment income
Captives can also provide tax benefits: for example, payments to captives that provide
employee benefits insurance are deductible as insurance premiums in certain
circumstances Additionally, the company’s control over the captive subsidiary allows
it to deal with reinsurers directly, instead of through an insurance company, thereby
lowering the cost of access to the reinsurance market Perhaps in response to these
perceived benefits, the use of captives has grown tremendously in recent years
Risk retention groups are similar to multi-owner captive insurance companies or
self-insurance groups They are liability self-insurance companies owned by their insureds
(which must be engaged in a similar business or exposed to similar risks) and they are
authorized by the Liability Risk Retention Act of 1986, which permits the insurance
company — once licensed by its state of domicile — to insure members in all states
These groups enjoy many of the benefits ascribed to captives — such as the ability of
members to control their own program, the ability to maintain coverage at affordable
rates where typical insurance is hard to obtain and the ability to access reinsurance
markets directly — without the hassle of having to set up the corporate structure of a
captive insurance company as a subsidiary
According to the Risk Retention Reporter, risk retention group annual premiums
increased from approximately $2.2 billion in 2004 to $2.4 billion in 2005; moreover,
these premiums have almost doubled since 2002
These groups now underwrite significant portions of the medical malpractice market,
following the insolvencies between 2001 and 2003 of many of the traditional
malpractice insurers However, it is important to note that these groups cannot
underwrite certain risks, such as an employer’s liability with respect to its employees,
or loss or damage resulting from any personal, familial or household responsibilities
or activities
Trang 2828
Risk and
Insurance Management
2.3.2 Alternatives to Insurance Products
Credit securitizations, CAT bonds, weather derivatives and finite risk products are among the available alternatives to insurance products Many of these instruments are products of the capital markets: a consensus is emerging that the global capital markets have capacity exceeding that of the insurance markets by several degrees of magnitude and, consequently, can handle at a lower cost and with less shock to the system the occurrence of natural disasters and other severe risks In this section, we will explain the benefits of different types of risk financing alternatives to insurance products
Credit securitisation involves the transfer of assets subject to credit risk, such as
receivables, to a specially created investment vehicle The vehicle in turn issues securities "backed" by the transferred assets The proceeds of the sale of the asset-backed securities are remitted to the transferer of the assets — the entity that otherwise would have purchased insurance to defray its credit risk — and the purchasers of the securities assume the risk of recovery of the assets
CAT bonds, more formally known as catastrophe bonds, are risk-linked securities
designed to transfer a specified set of risks from the issuer to the investors They are usually structured as corporate bonds whose repayment of principal is forgiven if certain specified trigger conditions are met These conditions are generally linked to some sort of catastrophic event, such as a hurricane hitting Florida If no hurricane hits, the investors enjoy a return on their investment through interest payments (typically at a coupon rate much higher than the risk-free rate) and the principal repayment over the life of the bond But if the triggering event occurs, then the investors may lose their rights to some portion of the principal or the entire principal, which is retained by the issuer to pay the loss As the hurricane example suggests, CAT bonds are most frequently used where the risk sought to be defrayed is a high-severity, low-frequency event
Weather derivatives are financial instruments that can be used by companies as part of
a risk management strategy to reduce the risk associated with adverse or unexpected weather conditions The derivative in this case is some objective measure of the weather, such that the weather derivative pays based on the variability of the observed weather from an index So, for example, a weather derivative might pay based on the number of days when a low (or high) temperature was exceeded Farmers, for instance, would use weather derivatives to hedge against poor harvests that result from
a lack of rain or unseasonable snowstorms Theme parks, on the other hand, might use weather derivatives to insure against rainy weekends during peak season Energy companies, in particular, have been at the forefront of the development of the weather derivative market
Finite risk products are similar to traditional insurance, but with a twist Unlike
typical insurance contracts, which typically have a duration of 12 months, finite risk insurance products have a longer term — say, 10 years These products are particularly useful where the risk sought to be insured against is a high-severity, low-frequency event, such as an oil spill For example, if we assume an actuarial analysis predicts the occurrence of an oil spill within the next 10 years, the probability of such
an event occurring in any one year within that period is 1 in 10 (or 10%)
The oil producer could, of course, insure that risk by purchasing an annual insurance policy If the risk did not occur in that first year, the oil producer would be out its premium, which the insurance company would have invested to produce income for its shareholders The oil producer would then need to renew the insurance policy for the following year If the risk also did not materialize in that second year, the result would be the same as the first, and this would continue for each year the annual policy
is renewed and the oil spill did not occur
Trang 2929 Risk Management
Alternatively, the oil producer could procure at the outset a finite risk contract that
covers the entire 10-year period If the oil producer and its insurer estimated that the
oil spill would occur in year seven, they could reduce to present value the resulting
liability In exchange for the payment of a premium approximating that liability
estimate, the oil producer and its insurer would agree to share the investment income
generated by the premium The oil producer also would be entitled to deduct the
premium paid at the outset of the transaction and — if the insured risk did not
materialize during the term of the contract — to the return of a substantial portion of
the premium paid
These benefits have made finite risk products increasingly popular, despite the
negative press attention these products have received as a result of alleged abuse by
certain insurers and re-insurers
Check Your Progress 1
1 Define CAT Bonds
2.4 OBJECTIVE OF RISK MANAGEMENT
Objective of risk management is to lessen the effect of various kinds of threats to a
certain level which is accepted by the society The various kinds of threat include
threats caused by the environment, threat caused by technology and also threat caused
by the human beings Various kinds of threat also include threats caused by different
organizations and also by politics Risk management can be accomplished by the
skillful maneuvering of different kinds of resources available for risk management
like person, staff and also the organization
In an ideal model of risk management, first of all the risk which may do the highest
loss or has got the highest probability to happen is first identified The risks which
have got more power to do harm or have the more chance to occur are handled first
and after that the risks which have got less power to do harm and has got less chance
to occur are handled
This process of risk management may be very difficult in the actual field A proper
balance between the risks which have got more possibility to happen and the risks
which have got less possibility to happen is very difficult to make Handling of
different types of risks among a basket of risks may become very difficult to the risk
management group engaged in risk management but there are no other way to handle
the risks properly
Risk management also includes difficulties in allocating resources for the sake of risk
management The resources invested on risk management may have been spent on
more profit making activities This creates a major problem to the risk management
group
2.5 AREAS OF RISK MANAGEMENT
Risk management is one of the very important activities of the human society which
acts as a very necessary activity at the time of emergency Risk management includes
a whole lot of things like identification of the risk assessing the magnitude of the risk
and chalk out proper strategies to manage the risk Risk management also includes
Trang 30Risk assessment actually assesses the quality value of risk which is related to a particular situation or has a definite shape
Risk management strategies include the transfer of risk from one party to another party Risk management strategies also include avoiding of the risk which also reduces the bad effect of the risk Risk management strategies also include a few or all the consequences of a very specific risk There are also some very conventional risk management process which only focus on the risks which may come out from the physical or legal causes Financial risk management is also another kind of very important risk managements This type of risk management only focuses on those risks which can be tackled with the help of financial instruments which are traded in the market
As applied to corporate finance, risk management is the technique for measuring,
monitoring and controlling the financial or operational risk on a firm's balance sheet See value at risk The Basel II framework breaks risks into market risk (price risk), credit risk and operational risk and also specifies methods for calculating capital requirements for each of these components
2.5.1 Enterprise Risk Management
In enterprise risk management, a risk is defined as a possible event or circumstance that can have negative influences on the enterprise in question Its impact can be on the very existence, the resources (human and capital), the products and services, or the customers of the enterprise, as well as external impacts on society, markets, or the environment In a financial institution, enterprise risk management is normally thought of as the combination of credit risk, interest rate risk or asset liability management, market risk, and operational risk
In the more general case, every probable risk can have a pre-formulated plan to deal
with its possible consequences (to ensure contingency if the risk becomes a liability)
From the information above and the average cost per employee over time, or cost accrual ratio, a project manager can estimate:
z The cost associated with the risk if it arises, estimated by multiplying employee
costs per unit time by the estimated time lost (cost impact, C where C = cost
z This is slightly misleading as schedule variances with a large P and small S and vice versa are not equivalent (The risk of the RMS Titanic sinking vs the
passengers' meals being served at slightly the wrong time)
z The probable increase in cost associated with a risk (cost variance due to risk, Rc
where Rc = P*C = P*CAR*S = P*S*CAR)
z Sorting on this value puts the highest risks to the budget first
z See concerns about schedule variance as this is a function of it, as illustrated in
the equation above
Trang 3131 Risk Management
Risk in a project or process can be due either to Special Cause Variation or Common
Cause Variation and requires appropriate treatment That is to re-iterate the concern
about extreme cases not being equivalent in the list immediately above
2.6 RISK MANAGEMENT ACTIVITIES AS APPLIED TO
PROJECT MANAGEMENT
In project management, risk management includes the following activities:
z Planning how risk management will be held in the particular project Plan should
include risk management tasks, responsibilities, activities and budget
z Assigning a risk officer - a team member other than a project manager who is
responsible for foreseeing potential project problems Typical characteristic of
risk officer is a healthy skepticism
z Maintaining live project risk database Each risk should have the following
attributes: opening date, title, short description, probability and importance
Optionally a risk may have an assigned person responsible for its resolution and a
date by which the risk must be resolved
z Creating anonymous risk reporting channel Each team member should have
possibility to report risk that he foresees in the project
z Preparing mitigation plans for risks that are chosen to be mitigated The purpose
of the mitigation plan is to describe how this particular risk will be handled –
what, when, by who and how will it be done to avoid it or minimize consequences
if it becomes a liability
z Summarizing planned and faced risks, effectiveness of mitigation activities, and
effort spent for the risk management
2.7 RISK MANAGEMENT AND BUSINESS CONTINUITY
Risk management is simply a practice of systematically selecting cost effective
approaches for minimising the effect of threat realization to the organization All risks
can never be fully avoided or mitigated simply because of financial and practical
limitations Therefore all organizations have to accept some level of residual risks
Whereas risk management tends to be preemptive, business continuity planning (BCP)
was invented to deal with the consequences of realised residual risks The necessity to
have BCP in place arises because even very unlikely events will occur if given enough
time Risk management and BCP are often mistakenly seen as rivals or overlapping
practices In fact these processes are so tightly tied together that such separation seems
artificial For example, the risk management process creates important inputs for the
BCP (assets, impact assessments, cost estimates etc) Risk management also proposes
applicable controls for the observed risks Therefore, risk management covers several
areas that are vital for the BCP process However, the BCP process goes beyond risk
management's preemptive approach and moves on from the assumption that the
disaster will realize at some point
2.8 RISK MANAGEMENT INFORMATION SYSTEMS
Risk Management Information Systems (RMIS) are typically computerized systems
that assist in consolidating property values, claims, policy, and exposure information
and provide the tracking and management reporting capabilities to enable you to
monitor and control your overall cost of risk
Trang 3232
Risk and
Insurance Management
2.8.1 Risk Management Research Programme
Risk management is a subject which totally based on the service of researches that are done by the help of all the data of the past about any company Therefore the risk management research programme is a vital part of the whole business The past of the company must be known to all who are involved in the risk management tasks They can take examples from the past incidents of the company and thereby plan up the appropriate precautions for the upcoming future
Risk management is one of the main sections of today's world of business This is actually based on all the steps that a company can apply at the times of crisis There are in fact many challenges that are to be accepted by all the companies throughout the whole world Therefore, to accept all these challenges the company has to be prepared from all the aspects Among them the most vital problems are generally financial There are many risk management groups across the globe who take care of the various aspects of these financial problems
Risk management research programme includes people from diverse fields Among them there are researchers from fields like economics, statistics, psychology, engineering, toxicology, operations researches, decision theory and even from biology All these people work in a company to judge each and every steps that are taken by the authority for the upcoming future They always help the authorities to plan perfectly for the future steps that they can take The definition of risk changes from one company to the other This is because of the fact that all the companies do not work with the same ethics of business Their productions are different as well So, they have to undertake different kinds of risks
The equations that are applied to measure the risk factors for a company are the outcomes of the risk management research programme that has been so far conducted throughout all the nooks and crannies of the world To judge and predict the uncertain conditions that may come to a company's fate, everyone working in the risk management research programme has to be extremely experienced Technology is something which has always to be taken into consideration for these researches
All the risk management research programmes are done mainly through the help of the data of the past of the company This data is generally available in the Internet in the official websites of all the companies Different kinds of softwares are also used for the purpose of risk management research programme Risk management can be of two different patterns and they are continuous as well as non-continuous Continuous risk management research programme is held throughout the running time of a company Employees always evaluate every single step taken by the authority On the other hand the non-continuous risk management research programme is held from time to time when the company takes any drastic step
To conclude in a nutshell, this can be said that all the risk management research programmes are the integral parts of the whole business without which perfect planning for an authority is never possible
2.8.2 Common Types of RMIS
Most major insurance companies (carriers), broker/agents, and Third Party Administrators (TPAs) offer/provide at least one external RMIS product to their insureds (clients) and any brokers involved in the insurance program Most commonly, RMIS products allow individual claim detail look-up, basic trend report production, policy summaries and ad hoc queries The resulting information can then
be shared throughout the client's organization, usually for insurance program cost allocation, loss prevention and effective claim management at the local level More advanced products allow multiple claim data sources to be consolidated into one
“Master RMIS,” which is essential for most large client organizations with complex insurance programs
Trang 3333 Risk Management
The primary users of RMIS are risk/insurance departments of insured organizations
and any insurance broker involved Interestingly, it is much less common for the
insured's safety department and vehicle operations department to have access to RMIS
despite similar interest in the data In fact, safety and vehicle operations of larger
organizations typically maintain their own separate database systems of
“accidents/incidents,” many of which will correlate to RMIS claim data
Insurance companies normally use a different version of externally provided RMIS for
internal use, such as by underwriting and loss control personnel Occasionally, there
could be timing or other differences that could cause data discrepancies between the
internal system and externally provided RMIS
Insurance brokers have a similar need for access to their insured client's claim data
Brokers are normally added as an additional user to the RMIS product provided to
their clients by the insurance carrier and TPAs The information available from RMIS
is critical to the broker for interfacing effectively with their counterparts in the
insurance carrier and TPAs Additionally, effectively presented RMIS information
that shows trends and analysis is essential to successfully marketing their clients'
insurance programs
Insurance carrier and Third-Party Administer (TPA) claim adjusters traditionally use
claims management systems to collect and manage claim information and to
administer claims Some client organizations, however, may choose to manage certain
types of claims or those within a loss retention layer and thus use this type of system
as well
Typically, the claims management system provides the primary data to RMIS
products RMIS products in turn provide an externally accessed view into the client's
claims data RMIS products are commonly available directly from larger insurance
carriers and TPAs, but the most advanced systems are often offered by independent
RMIS vendors Independent RMIS vendor systems are most desirable when a client
organization needs to consolidate claims data from multiple current insurance
programs and/or past programs with current program information
2.8.3 Key Vendor Attributes and Differences
Along with insurance carriers, broker/agents and TPAs that offer their own
proprietary systems, there are a variety of direct RMIS technology companies who sell
to direct insureds and even the carriers, broker/agents and TPAs themselves
Major differences among RMIS vendors include:
z Currency of technology (Internet-based vs Internet-accessible);
z System speed (response time for screen changes, report generation time, etc.);
z Flexibility in meeting client requirements (custom screen views, client-defined
data fields, special reports, etc.);
z Ongoing support service quality (availability of senior/quality technical support,
help desk availability, dedicated staff and stability, etc.);
z Data quality control (data conversion accuracy, data source cleanup, etc.);
z Pricing (first-year cost, ongoing cost, custom programming charges, data record
storage fees);
z Availability of related modules (property exposure management, policy
management, claim/incident setup, Occupational Safety and Health
Administration (OSHA) record keeping, claims audits, etc.);
z Turnaround time for data loads;
z Foreign conversion/support (financial fields, language, fluent support staff, etc.)
Trang 34to accommodate their major policyholder organizations Major TPAs, however, more commonly offer such data consolidation services
2.8.4 Average RMIS Costs and RMIS Market Drivers
The cost of a typical independent RMIS product varies from $30,000 to $75,000 for the first year, and ongoing annual charges are slightly less Insurance company RMIS product lines typically average around $5,000 for the first user, but they often offer less expensive light-weight versions for claim look-up only More costly full-featured products are sometimes available with more advanced reporting systems The products are usually priced on a per-user basis on a sliding scale for a larger number
of users Insured clients' brokers are given access at no cost or occasionally for a flat annual fee for multiple insured clients with a particular broker
TPAs commonly include one or two RMIS access IDs within their claims management pricing to encourage both the client's broker and the client to use their claim look-up product Normally, beyond the first two access IDs, the pricing follows the same per-user range of the insurance companies The cost drivers of RMIS include: • Number of user/access IDs • Number of outside claim data sources that must be converted (carriers and TPAs do not have to convert their own data)
• Frequency of outside claim data updates • Special programming/report development charges • Training of users (initial and annual users' conferences)
Clearly, higher cost systems do not always correlate to better performance in terms of both usefulness and speed While most carrier and TPA RMIS systems are similarly priced, the independent RMIS vendors' price range varies significantly, as previously mentioned A few of the lower-cost systems are in fact much faster in response time, which means more efficient use of application server technology Some of the more costly systems are more pleasing to look at, but they often have no advantage in functionality
2.9 RISK MANAGEMENT AGENCY
Risk Management Agency or RMA aims at helping the producers with effective management solutions RMA is a part of United States Department of Agriculture The effective and market-based risk management solutions of Risk Management Agency can help the producers a lot to manage their business risks The mission of RMA is to help the agricultural producers of America to preserve and strengthen the economic stability The sound risk management solutions provided by Risk Management Agency can definitely promote and support the economic stability of the agricultural producers of America
The Federal Crop Insurance Corporation (FCIC), founded in 1938, is an organization, which is operated and managed by Risk Management Agency The foundation of Risk Management Agency dated back to 1996
Insurance Services, Research and Development, and Risk Compliance are the three divisions of The Risk Management Agency These divisions are responsible for carrying out different functions The Insurance Services division is responsible for program delivery The Research and Development division is responsible division is responsible for overseeing product development The Risk Compliance division is
Trang 3535 Risk Management
responsible for monitoring compliance with program provisions by the producers and
the insurance companies
Risk Management Agency with the help of The Federal Crop Insurance Corporation
offers crop insurance to the agricultural producers of America The sell and service of
the policies are given to fourteen private-sector insurance companies The
development and approval of the premium rate depends on the Risk Management
Agency It is also responsible for administering the premium and expense subsidy
The approval and support of the products as well as reinsurance of the companies also
depend on the Risk Management Agency Apart from these, RMA is also associated
with sponsoring the outreach and educational programs The seminars on general
topic of risk management are also organized by the Risk Management Agency
RMA is a United States Development of Agriculture agency, which is responsible for
promoting an environment of financial stability It also plays a big role in building an
environment of safety and confidence among the agricultural producers of America
The Risk Management Agency has their office in 14 locations Around 500 people are
employed by the Risk Management Agency The agency offers career choices in
different fields such as, insurance/risk management, information technology,
accounting and economics
The Risk Management Agency offers crop insurance to American producers The
official website of RMA offers all information regarding this agency You can get the
agency news, summaries of insurance sales, state profiles and other publications, all
on the official website The information on downloadable crop policies, pilot
programs and agency-sponsored events, all are available on the official website
With the help of The Risk Management Agency the farmers get the financial stability
The financial tool helps them in the time of risks to manage their situation The Risk
Management Agency plays the vital role in improving the overall economic stability
of agriculture
2.10 RISK CONTROL
Risk Control includes those risk management techniques designed to minimize the
frequency or severity of accidental losses or to make losses more predictable Risk
control techniques include exposure avoidance, loss prevention, loss reduction,
segregation of loss exposures and contractual transfers to shift losses to others, both
legally and financially
z Exposure avoidance eliminates entirely any possibility of loss It is achieved
either by abandoning or never undertaking an activity or an asset Examples
include discontinued products, processes, or a change in facility
z Loss prevention aims to reduce the frequency (or the likelihood) of a particular
loss Examples include safety programs and training
z Loss reduction aims to lower the severity of a particular loss Examples are
prompt claim reporting, sprinklers and alarms, and light duty programs
z Segregation of loss exposures involves arranging an organization’s activities and
resources so that no single event can cause simultaneous losses to all of them It
may take one of two forms: separation or duplication Examples would be
inventory at different warehouses, raw materials from different suppliers, spare
parts for machines, and duplicate records
z Contractual transfer for risk control is a transfer of legal and financial
responsibility for a loss The organization to which the transfer is made (the
transferee) then bears all financial and legal responsibility for any loss which the
transferring organization (the transferor) might otherwise have suffered in the
event of an accident
Trang 3636
Risk and
Insurance Management
Check your Progress 2
Fill up the blank:
1 is one of the basic factors that a running company has always to take in consideration
2 The is an expert in risk assessment and risk management
3 Risk is an important tool of the whole business of the risk management system
4 The resources invested on risk management may have been spent on more
2.11 RISK CONTROL AUTHORITIES
2.11.1 Risk Management Authority
Risk Management Authority has been set up with an aim to ensure the management of the risk of sexual offenders The authority is responsible for assessment and minimization of risks among the violent sexual offenders The Risk Management Authority is a Scottish public body, which offers expert advice on risk assessment and risk management of the sexual offenders
The Risk Management Authority was established by the Criminal Justice (Scotland) Act 2003.The major function of Risk Management Authority is assessing the risk of the violent offenders who can create some harm if kept free The liberty of the violent sexual offenders can become a risk to the common public The Risk Management Authority aims at minimizing the risk of the violent sexual offenders
The Risk Management Authority is an expert in risk assessment and risk management The policies of the Risk Management Authority are developed to manage the risk factors of the offenders The Risk Management Authority also carries out research and new management policy to control the number of offenders whose liberty can become
a risk to the public at large The Risk Management Authority is responsible for setting the standards for those people who are involved in the assessment and management of risk from the sexual offenders Risk Management Authority is also involved in accreditation of practitioners and risk management plans for the offenders The authority monitor risk management plans for the offenders including those who have received an Order for Lifelong Restriction sentence from the High Court
Risk Management Authority or RMA plays a great role in the social improvement It tries to minimize the social evil Risk Management Authority offers advice about the eradication of sexual violence from the offenders It offers recommendations to Scottish Ministers regarding the assessment of risk and management of risk Thus it serves an authority that has a great role in minimizing the sexual violence
To minimize the number of sex offenders the monitoring and supervising of young sex offenders have been tightened The national agencies and local service providers are developing the improved identification and risk assessment techniques They also make plans for young sex offenders who can become violent sex offenders in later part of life The care and inspection offered by the agencies are of great importance in ensuring the protection and safety of the common people After proper inspection these agencies offer recommendations to the Ministers
The major role of The Risk Management Authority is improving the identification, risk assessment and planning for management of sex offenders It also ensures that those working with young sex offenders have sufficient expertise The service also
Trang 3737 Risk Management
includes, Appropriate supervision of the young sex offenders as they move from youth
into the adult justice system The overall service intends in improving the
management of sex offenders The Risk Management Authority offers advice in
relation to offender risk and makes recommendations to Scottish Ministers
2.11.2 Environmental Risk Management Authority
Environmental Risk Management Authority or ERMA is associated with controlling
the risky substances to the environment It is responsible for preventing and managing
the hazardous substances ERMA controls the introduction and use of hazardous
substances and new organisms in the environment This organization is also
responsible for implementing the Hazardous Substances and New Organisms Act
1996 (HSNO) by evaluating risks, costs and benefits The work of Environmental
Risk Management Authority is guided by the risk management principles
The environmental management mainly deals with the impact of man’s interaction
upon the environment The environment management helps to conserve the
environment for the sake of mankind While talking about environment management
we have to consider the management of all components of the biophysical
environment It involves both living (biotic) and non-living (abiotic) The living
species and their habitats are interconnected and the bio-physical environment is also
related with the social, cultural and economic environment The environmental
management focuses on reducing use of materials or energy use that is unsustainable
in the long term
Environmental Risk Management Authority is responsible to consider the adverse and
beneficial effects of a new organism or substance according to the Hazardous
Substances and New Organisms (HSNO) Act 1996 When Environmental Risk
Management Authority considers the application any substance risky to use they
apply control on its application The substances on which ERMA applies control may
lead to the housing the organism or substance in a specially designed laboratory and
thus preventing it from being available to the people To prevent the hazardous effect
of any harmful substance the Environmental Risk Management Authority can make
the mass to wear protective equipment when handling such chemical
Environmental Risk Management Authority aims at providing a safe environment to
the public The role of IRMA is of vital importance in managing the substances,
which are risks to the environment In maintaining the public health and environment
Environmental Risk Management Authority takes a major role As soon as
Environmental Risk Management Authority receives an application they take up the
decision making process After getting an application regarding the application or use
of any certain substance the Environmental Risk Management Authority considers the
beneficial as well as the adverse effects of the substance or any other thing and then
weighs up both the effects While considering the adverse and beneficial role of the
substance ERMA considers its effect on public health, environment, society etc
The decision making body of Environmental Risk Management Authority consists of
up to eight members appointed by the Minister for the Environment Under the
Hazardous Substances and New Organisms (HSNO) Act 1996, ERMA was
established The authority takes decision on importing, test or developing new
organisms It also plays a big role in importing or manufacturing hazardous substances
to New Zealand The authority works on receiving any application reading certain
elements or substances
2.12 LET US SUM UP
Risk management is one of the basic factors that a running company has always to
take in consideration There are lots of risks that a company has to run through So, to
be updated with all the past history of the company the company has to maintain very
Trang 38Risk management is very important to all the companies throughout the whole world because of the fact that the companies have to face troubles in different fields The prioritizing of all the risks is one of the main things that have to be taken care of Among all the risks that are parts of the whole running methods of the companies some are critical and they should be taken to the priority at the very first hand Otherwise the company may fall into irreparable trouble
2.13 LESSON END ACTIVITY
Discuss in your group various techniques used for the management of risk and risk control
2.14 KEYWORDS
Risk Management Information Systems (RMIS): Computerized systems that assist in
consolidating property values, claims, policy, etc
Cat Bonds: Risk-linked securities designed to transfer a specified set of risks from the
issuer to the investors
Credit Securitization: Transfer of assets subject to credit risk
2.15 QUESTIONS FOR DISCUSSION
1 What are the risk financing techniques?
2 What are the objectives of risk management?
3 Discuss the concept of Risk Management Information System
4 What are the types of RMIS?
5 Explain the concept of Risk Control and what are its various controls?
Check Your Progress: Model Answers
CYP 1
1 Cat Bonds are more formally known as catastrophe bonds These are risk- linked securities designed to transfer a specified set of risks from the issuer to the investors
2 The weather derivatives are financial instruments that can be used by companies as part of a risk management strategy to reduce the risk associated with adverse or unexpected weather conditions
CYP 2
1 Risk management 2 Risk Management Authority
3 financing 4 profit making activities
2.16 SUGGESTED READINGS
Dr P.K Gupta, Insurance and Risk Management, 1st edition, Himalaya Publishing House
Dr P.K Gupta, Fundamental of Insurance, 1st edition, Himalaya Publishing House
Trang 3939 Risk Management
C Gopala Krishnan, Insurance Principles & Practice, Sterling Publishers Pvt Ltd.,
New Delhi
George G.R Lucas, Ralph H Wherry, Insurance, Principles and Coverage, U.S.A
Prof K.S N Murthy and K.V.S Sarma, Modern Law of Insurance in India, N.M Tripathi
Pvt Ltd., Mumbai
P.S Palande, R.S Shah, M L Lunawat, Insurance in India, Sage Publications, New Delhi
Trang 4041 Risk Management
by Individuals
UNIT II