Risk management is the identification, appraisal, and prevention or minimization of exposures to accidental loss for an organization or individual. Since risk offers the opportunity not only for growth but also for harm, risk managers must predict and prevent or control any potential harm. Risk management is essential for companies to avoid costly mistakes and business losses. The practice of risk management utilizes many tools and techniques, including insurance, to manage a wide variety of risks facing any entity, from the largest corporation to the individual. The term "risk management" has usually referred to property and casualty exposures to loss but recently has come to include financial risk management, covering exposures such as interest rates, foreign exchange rates, and derivatives.

The term "risk management" is a relatively recent evolution of the term "insurance management," and originated in the mid-1970s. The reason for this evolution is that the concept of risk management encompasses a much broader scope of activities and responsibilities than does insurance management. Risk management is now a widely accepted description of a discipline within most large companies as well as a growing number of smaller ones. The myriad risks faced by most businesses today necessitate a department solely devoted to managing these risks. Basic risks such as fire, windstorm, flood, employee injuries, and automobile accidents, as well as more complex exposures such as product liability, environmental impairment, and employment practices, are the province of the risk management department in a typical corporation.

These risks stem from various aspects of doing business and they generally fit into the following categories, according to Kevin Dowd in Beyond Value at Risk:

  1. Business risks: risks associated with a company's particular market or industry.
  2. Market risks: risks stemming from changes in market conditions, such as changes in prices, interest rates, and exchange rates.
  3. Credit risks: risks arising from the possibility of not receiving payments promised by debtors.
  4. Operational risks: risks resulting from internal system failures because of mechanical problems (e.g., machines breaking down) or human errors (e.g., poor management of funds).
  5. Legal risks: risks stemming from the potential for other parties not to fulfill their contractual obligations.

Generally, risk managers are insurance brokers who advise clients on insurance and risk, independent consultants on risk who work for a fee, or salaried employees—frequently treasurers and chief financial officers (CFOs)—who manage risk for their companies. Because risk management has become an increasing part of insurance brokers' responsibilities, many work for fees instead of for commissions.

According to C. Arthur Williams Jr. and Richard M. Heins, authors of Risk Management and Insurance, the risk management process includes six steps. These steps are: (1) determining the objective of the organization, (2) identifying exposures to loss, (3) measuring those same exposures, (4) selecting from alternative methods of risk management, (5) implementing a method or set of methods as a solution, and (6) monitoring the results. The objective of an organization—growth, for example—will determine the strategy for managing various risks. Identification and measurement are relatively straightforward. The possibility of an earthquake, for instance, may be identified as a potential exposure to loss, but if the exposed facility is in New York the probability of an earthquake is very low and will have a low priority as a risk to be managed.

There are many alternative methods available for the management of risk, including loss prevention, loss reduction, risk avoidance, and risk financing. Loss prevention involves preventing a loss from occurring, via such methods as employee safety training. Loss reduction is concerned with reducing the severity of a loss, through, for example, the installation of fire sprinklers. While sprinklers will not prevent fire from occurring, they will reduce the damage it may cause. Risk avoidance is another available tool for managing risk. An example of this method is a drug company deciding not to market a drug because of potential liability claims.

Risk managers also may opt to use risk financing, which refers to paying for losses by retention or transfer. Retention of risk—sometimes referred to as self-insurance—is the last resort for managing risk. If there is no other way to manage a particular risk, a company bears the losses resulting from its risks, or retains its losses. For example, the deductible of an insurance policy is a retained loss. In addition, companies may establish special funds to cover any losses.

Risk transfer occurs when the risk is shared by a party other than the company ultimately responsible for it, such as a contractor or a consultant who may contribute to a company's risk, or an insurance provider. Companies can transfer their losses through insurance by obtaining insurance policies that cover various kinds of risk that are insurable; insurance constitutes the leading method of risk management. Insurance typically covers property risks such as fire, natural disasters, and vandalism, liability risks such as employer's liability and workers' compensation, and transportation risks covering air, land, and sea travel as well as transported property and transportation liability.

Some companies choose to finance their risk by acquiring insurance companies to cover all or part of their risks. Such insurance companies are known as "captive insurers." Awareness of, and familiarity with, various types of insurance policies is necessary for the risk management process.

Furthermore, risk financing is commonly classified as preloss or postloss financing. Preloss financing refers to financing secured in anticipation of loss, such as an insurance policy. Here, companies pay insurance premiums prior to suffering losses. In contrast, postloss financing refers to funds that companies secure after, and in response to, losses. For example, taking out a loan and issuing stocks are forms of postloss financing.

In the implementation step, combinations of the above tools may be used. Indeed, the basic risk management techniques—retention, reduction or avoidance, and transfer—are complementary and risk managers often must use a variety of methods to adequately manage a company's risks. The final step, called monitoring, is necessary to determine if the solution employed actually obtained the desired result or if that solution requires modification.


The Risk and Insurance Management Society (RIMS), the primary trade group for risk managers, predicts that the key areas for risk management in the 21st century will be operations management, environmental risks, and ethics. RIMS also believes more small- and medium-size companies will focus on risk management and will hire risk managers or assign risk management tasks to treasurers or CFOs.

As RIMS predicted, corporate risk managers began concentrating more on ensuring their companies' compliance with federal environmental regulations during the 1990s. According to Risk Management, risk managers started to assess environmental risks such as those associated with pollution, waste management, and environmental liability in order to help companies bolster profitability and competitiveness. In addition, stricter environmental regulations also prompted companies to have risk managers review their compliance with environmental policies to avoid any penalties for failing to comply.

Furthermore, Risk Management indicated that there were five times as many natural disasters in the 1990s as in the 1960s and that insurers paid 15 times what they paid in the 1960s. For instance, there were a record 600 catastrophes worldwide in 1996, which caused 12,000 deaths and $9 billion in losses from insurance. Some experts attribute the increase in natural disasters to global warming, which they believe will lead to more and fiercer crop damage, droughts, floods, and windstorms in the future.

The trend towards mergers in the 1990s also affected risk management. More and more companies called on risk managers to assess the risks involved in these mergers and to join their merger and acquisition teams. Buyers and sellers both use risk managers to identify and control risks. Risk managers on the buying side, for instance, review a selling company's expenditures, insurance policies, loss experience, and other aspects that could result in losses. After that, they develop a plan for preventing or controlling the risks they identify.

A final trend in risk management has been the advent of nontraditional insurance policies, providing risk managers with a new tool for preventing and controlling risks. These insurance policies cover financial risks such as corporate profits and currency fluctuation. Consequently, such policies ensure a level of profit even if a company experiences unexpected losses from circumstances beyond its control, such as natural disasters or economic problems in other parts of the world. In addition, they guarantee profits for companies operating in international markets, preventing losses if a currency appreciates or depreciates.

[Louis J. Drapeau, updated by Karl Heil]


