Risk Management - Unit 1

File Downloaded From www.BUstudymate.
in
RISK MANAGEMENT - INTRODUCTION
Introduction to Risk:
The etymology of the word ―Risk‖ can be traced to the Latin word ―Rescum‖ meaning Risk at Sea or that
which cuts. Risk is associated with uncertainty and reflected by way of charge on the fundamental/basic i.e.
in the case of business it is the Capital, which is the cushion that protects the liability holders of an
institution. There are multiple definitions of risk. The lists following under the definition of risk:
• The likelihood and undesirable event will occur.

• The magnitude of loss from an unexpected event.
• The probability that ―things won’t go right‖.
• The effect of an adverse outcome.
These risks are inter-dependent and events affecting one area of risk can have ramifications and penetrations
for a range of other categories of risks. Foremost thing is to understand the risks run by the bank and to
ensure that the risks are properly confronted, effectively controlled and rightly managed. Each transaction
that the bank undertakes changes the risk profile of the bank. The extent of calculations that need to be
performed to understand the impact of each such risk on the transactions of the bank makes it nearly
impossible to continuously update the risk calculations. Hence, providing real time risk information is one of
the key challenges of risk management exercise.
Risk is a condition where there is a possibility of an adverse deviation from a desired outcome that is
expressed or hoped for. In insurance, the word risk has a technical meaning ―risk is uncertainty concerned
loss‖ the term used in insurance to mean either a peril to be insured against or a person or property protected
by insurance. The concept of risk in insurance refers only to uncertainty on economic matters. An insurance
company offer financial protection against the dangers and loses by promising to compensate the insured for
a relatively large loss in return for the payment of a much smaller but certain expenses called the premium.
Till recently all the activities of banks were regulated and hence operational environment was not conducive
to risk taking. Better insight, sharp intuition and longer experience were adequate to manage the limited
risks. Business is the art of extracting money from other’s pocket, sans resorting to violence. But profiting in
business without exposing to risk is like trying to live without being born. Everyone knows that risk taking is
failure prone as otherwise it would be treated as sure taking. Hence risk is inherent in any walk of life in
general and in financial sectors in particular. Of late, banks have grown from being a financial intermediary
into a risk intermediary at present. In the process of financial intermediation, the gap of which becomes
thinner and thinner, banks are exposed to severe competition and hence are compelled to encounter various
types of financial and non-financial risks. Risks and uncertainties form an integral part of banking which by
nature entails taking risks.
Meaning of Risk: A probability or threat of damage, injury, liability, loss, or any other negative occurrence
that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action.
Definition of Risk: ―a condition in which there exists an exposure to adversity‖
Meaning of Uncertainty: A situation in which something is not known, or something that is not known or
certain.
Swaminath S, Asst. Professor, Bangalore University Page 1

Visit www.BUstudymate.in For More Study Materiial
File Downloaded From www.BUstudymate.in
Definition of Uncertainty: “Situation where the current state of knowledge is such that (1) the order or
nature of things is unknown, (2) the consequences, extent, or magnitude of circumstances, conditions, or
events is unpredictable, and (3) credible probabilities to possible outcomes cannot be assigned. Although too
much uncertainty is undesirable, manageable uncertainty provides the freedom to make creative decisions.‖
Differences between Risk and Uncertainty:
Risk Uncertainty
In risk, possible outcomes of an element or While it is characterized by uncertainty if the
analysis involves risk of the probabilities of the frequency distribution of the possible outcomes
alternative are known. is not known
Risk is the dispersion of the probability While uncertainty is the degree of lack of
distribution of the element being estimated or confidence that the estimated probability
calculated outcomes (s) being considered. distribution is correct
Classification of Risk:
A. Strategic risks:
- Business environment
- Business strategy
- Product, distribution and sourcing policies
- Corporate reputation or brand image
- Design and other core expertise
B. Operational risks:
- Management, leadership and decision-making
- Operational processes (product range, distribution network, procurement and supply chains) and
their management
- Intangible assets
- Compliance with laws, regulations and agreements
- Information management
- Continuity of operations
- Compliance with requirements and responsible practices
C. Economic risks:
- Price development of production factors
- Price development of operating costs
- Financial risks & Financial reporting
D. Pure and Speculative Risk
o A pure risk is one in which there are only the possibilities of loss or no loss (earthquake)
o A speculative risk is one in which both profit or loss are possible (gambling)
E. Diversifiable Risk and Nondiversifiable Risk
o A diversifiable risk affects only individuals or small groups (car theft). It is also called
nonsystematic or particular risk.
o A nondiversifiable risk affects the entire economy or large numbers of persons or groups
within the economy (hurricane). It is also called systematic risk or fundamental risk.
o Government assistance may be necessary to insure nondiversifiable risks.

F. Enterprise risk encompasses all major risks faced by a business firm, which include: pure risk,
speculative risk, strategic risk, operational risk, and financial risk
– Financial Risk refers to the uncertainty of loss because of adverse changes in commodity
prices, interest rates, foreign exchange rates, and the value of money.
G. Enterprise Risk Management combines into a single unified treatment program all major risks
faced by the firm:
– Pure risk, Speculative risk
– Strategic risk, Operational risk
– Financial risk
H. Accident risks:
- The environment
- Personnel, Property, Business operations and Stakeholders
Major Personal Risks and Commercial Risks:
• Personal risks involve the possibility of a loss or reduction in income, extra expenses or depletion of
financial assets:
– Premature death of family head
– Insufficient income during retirement
• Most workers are not saving enough for a comfortable retirement
– Poor health (catastrophic medical bills and loss of earned income)
– Involuntary unemployment
• Property risks involve the possibility of losses associated with the destruction or theft of property:
– Physical damage to home and personal property from fire, tornado, vandalism, or other causes
• Direct loss vs. indirect loss
– A direct loss is a financial loss that results from the physical damage, destruction, or theft of
the property, such as fire damage to a home
– An indirect loss results indirectly from the occurrence of a direct physical damage or theft
loss, such as the additional living expenses after a fire to a home. These additional expenses
would be a consequential loss.
• Liability risks involve the possibility of being held liable for bodily injury or property damage to
someone else
– There is no maximum upper limit with respect to the amount of the loss
– A lien can be placed on your income and financial assets
– Defense costs can be enormous
• Commercial Risks
– Firms face a variety of pure risks that can have serious financial consequences if a loss occurs:
• Property risks, such as damage to buildings, furniture and office equipment
• Liability risks, such as suits for defective products, pollution of the environment, and
sexual harassment
• Loss of business income, when the firm must shut down for some time after a physical
damage loss
• Other risks to firms include crime exposures, human resource exposures, foreign loss
exposures, intangible property exposures, and government exposures

Internal Risks: Every business potentially faces challenges, or risks. Business risks are of a diverse nature
and arise due to innumerable factors. The internal risks are as follows.
 Human factors are an important cause of internal risks. They may result from strikes and lock-outs
by trade unions; negligence and dishonesty of an employee; accidents or deaths in the industry;
incompetence of the manager or other important people in the organization, etc. Also, failure of
suppliers to supply the materials or goods on time or default in payment by debtors may adversely
affect the business enterprise.
 Technological factors are the unforeseen changes in the techniques of production or distribution.
They may result in technological obsolescence and other business risks. For example, if there is some
technological advancement which results in products of higher quality, then a firm which is using the
traditional technique of production might face the risk of losing the market for its inferior quality
product.
 Physical factors are the factors which result in loss or damage to the property of the firm. They
include the failure of machinery and equipment used in business; fire or theft in the industry;
damages in transit of goods, etc. It also includes losses to the firm arising from the compensation paid
by the firm to the third parties on account of intentional or unintentional damages caused to them.
 Organizational and Operational: these are part of your operational and administrative procedures.
These include disorganized or inaccurate record keeping, outdated or faulty IT systems or
interruptions to your supply chain. If you don't stay on top of these your customers could come to see
you as unreliable, or you could potentially lose all your data.
 Strategic risks: these affect your businesses ability to reach the goals or objectives outlined in your
business plan. They could be due to the effects of changes in customer demand or technological
evolutions and could pose threats to your business in regards to how your products or services are
viewed and perceived by your customers (e.g overprices, or dull and outdated).
 Innovation: for a business to keep up with competitors, or more importantly to get one step ahead,
there needs to be innovation. This could be in the form of marketing and promotional initiatives
detailed in the marketing plan, staff training and welfare or embracing new technology. Regardless, a
lack of innovation can therefore pose a serious risk to a business progressing or growing, causing it to
remain boring, dull, stagnant and irrelevant.
 Financial: these are part of the financial structure of your business, business transactions, and the
financial systems you use. You could find being overly reliant on a single customer or changes in
interest rates. To keep on top of your finances, use our Checklist: Financial management.
 Employee risks: although employees are vital to business success, there are risks associated with
having employees. Some risks include key staff being ill and unable to work at an important or
extended time or an industry strike action. Find out more about how to review staff performance.
External Risks:
 Natural factors are the unforeseen natural calamities over which an entrepreneur has very little or no
control. They result from events like earthquake, flood, famine, cyclone, lightening, tornado, etc.
Such events may cause loss of life and property to the firm or they may spoil its goods. For example,
Gujarat earthquake caused irreparable damage not only to the business enterprises but also adversely
affected the whole economy of the State.

 Economic factors are the most important causes of external risks. They result from the changes in
the prevailing market conditions. They may be in the form of changes in demand for the product,
price fluctuations, changes in tastes and preferences of the consumers and changes in income, output
or trade cycles. The conditions like increased competition for the product, inflationary tendency in the
economy, rising unemployment as well as the fluctuations in world economy may also adversely
affect the business enterprise.
 Political factors have an important influence on the functioning of a business, both in the long and
short term. They result from political changes in a country like fall or change in the Government,
communal violence or riots in the country, civil war as well as hostilities with the neighboring
countries.
 Compliance risks: Compliance risks are part of the laws and regulations you must meet, such as
taxation, employment, health and safety, and fair trading. For specific information on taxation visit
the ATO website External link (opens in same window) or use our Checklist: Starting a business.
 Technological: To keep your business current, and relevant to the needs of your customers there are
instances where it may be important to keep up with technological developments. It's important to
monitor what is happening with technology outside your business, chat with other business owners,
stay tuned in to current trends by reading online, or find out more about how to develop an online
presence that succeeds.
 Health and Safety: apart from the legal and moral reasons for keeping your business safe for
employees and customers, your business could suffer if you don't manage the health and safety risks.
Some potential risks include regulations that might increase your production costs e.g. higher quality
standards, etc.
Risk Management: Management of risks is concerned with direction of purposeful activities towards the
achievement of individual or organizational goals. Risk Management may be defined as ―the identification,
analysis and economic control of those risks which can threaten the assets or earning capacity of an
enterprise.‖ Risk management evaluates which risks identified in the risk assessment process require
management and selects and implements the plans or actions that are required to ensure that those risks are
controlled.
Nature of Risk Management:
 Scientific approach to dealing with pure risks.

 Broader than insurance management.
 Differs from insurance management in philosophy.
 Pure and speculative risk,
 Fundamental and particular risk.
 Personal Risks, Property Risks, Liability Risks.
 Risk arising from failure on part of others.
 Fidelity Risks.
 Risks due to ownership and use of Transport vehicle.
Risk Analysis: Risk analysis is the process of defining and analyzing the dangers to individuals, businesses
and government agencies posed by potential natural and human-caused adverse events.

Personal Risks:
 Premature death (Dying too early), Dependent old age (Dying too late)
 Sickness or disability (Resulting in loss of income and earning power, involving additional expenses
and extra needs)
 Unemployment (Loss of income may be temporary/permanent, but routine living expenses continue.
Fixed liabilities like loan repayments have still to be paid ,hence further multiplying the difficulties)
Property Risks: damage to property, Loss of use of property, Additional expenses occasioned by the loss of
property
Liability Risks: They arise out of human mistakes often termed as civil wrongs committed by a person
resulting in injury and/or death to another person, and/or loss of or damage to property.
Risk arising from failure on part of others: Risk arising due to failure on part of another person to meet a
specified obligation, e.g. guarantee bonds and sureties.
Fidelity Risks: Risks arising due to dishonesty of employees and others in course of performance of their
duties causing loss of money and stocks to the owner
Risks due to ownership and use of Transport vehicle:

- Own damage or loss to the vehicle due to a variety of pure risks including negligence
- Death/injury to third parties and loss/damage to their property.
Features of Risk Management:
 To create the right corporate policies and strategy.

 To management men and machines (processes) effectively.
 To evaluate the risks confronted by a business.
 To effectively handle, spread, monitor and insure the risks.
 To introduce various plans and techniques to minimize the risks.
 To give advices and suggestions for handling the risks.
 To create risk awareness among the people.
 To avoid cost, disruption and unhappiness relating to risks.
 To decide which risks are worth taking/pursuing, and which should be shunned.
 To fix the sum assured under the policy and to decide on whether to insure or not.
 To select the appropriate technique or method to manage the risks.
Objectives of Risk Management:
 Protecting employees from accidents that might result in death or injury.

 Due attention given to cost of handling risks.
 Effective utilization of resources.
 Maintaining good relations with society and public.

Risk Planning:
A Risk Management Plan is a document that a project manager prepares to foresee risks, estimate impacts,
and define responses to issues. It also contains a risk assessment matrix.
A risk is "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's
objectives." Risk is inherent with any project, and project managers should assess risks continually and
develop plans to address them. The risk management plan contains an analysis of likely risks with both high
and low impact, as well as mitigation strategies to help the project avoid being derailed should common
problems arise. Risk management plans should be periodically reviewed by the project team to avoid having
the analysis become stale and not reflective of actual potential project risks. Most critically, risk management
plans include a risk strategy. Broadly, there are four potential strategies, with numerous variations. Projects
may choose to:
 Avoid risk — Change plans to circumvent the problem;

 Control/Mitigate risk; — Reduces impact or likelihood (or both) through intermediate steps;
 Accept risk — Take the chance of negative impact (or auto-insurance), eventually budget the cost
(e.g. via a contingency budget line);
 Transfer risk — Outsource risk (or a portion of the risk - Share risk) to third party/ies that can
manage the outcome. This is done e.g. financially through insurance contracts or hedging
transactions, or operationally through outsourcing an activity.
SARA for Share Avoid Reduce Accept, or A-CAT for "Avoid, Control, Accept, or Transfer"). Risk
management plans often include matrices.

Risk Management Includes:

 Risk Management Planning
 Risk Identification
 Qualitative Risk Analysis
 Quantitative Risk Analysis
 Risk Response Planning
 Risk Monitoring and Control
How is it done in project?

• Make Risk Management Part of Your Project.
• Identify Risks Early in Your Project.
• Communicate About Risks.
• Consider Both Threats and Opportunities.
• Clarify Ownership Issues.
• Prioritise Risks.
• Analyse Risks.
• Plan and Implement Risk Responses.
• Register Project Risks.
• Track Risks and Associated Tasks.
Who uses Risk Management?

• Finance and Investment,
• Insurance
• Health Care
• Public Institutions
• Governments
How to use Risk Management?

1. Allocate responsibilities, e.g., a Risk Management Champion and a working party.
2. Evaluate how Risk Management processes can be best applied in your national environment.
3. Survey existing skills and do training needs assessment.
4. Catalogue existing sources of data or information that can help in identifying risks.
5. Flow chart existing processes.
6. Communicate and consult – within Customs, with other Agencies, the trading community and
transport industry.
7. Obtain IT tools or set up processes for effectively operating a selectivity system.
8. Provide training in profiling/selectivity skills.
9. Test and gain confidence in the Risk Management process.
Administration of properties of an enterprise / Provision of adequate security arrangements / Interface

between Risk and Insurance: Insurance coverage is available for every conceivable risk your business
might face. Cost and amount of coverage of policies vary among insurers. You should discuss your specific
business risks and the types of insurance available with your insurance agent or broker. Your agency can
advise you on the exact types of insurance you should consider purchasing.

1. General Liability Insurance: Business owners purchase general liability insurance to cover legal
hassles due to accident, injuries and claims of negligence. These policies protect against payments as
the result of bodily injury, property damage, medical expenses, libel, slander, the cost of defending
lawsuits, and settlement bonds or judgments required during an appeal procedure.
2. Product Liability Insurance: Companies that manufacture, wholesale, distribute, and retail a
product may be liable for its safety. Product liability insurance protects against financial loss as a
result of a defect product that causes injury or bodily harm. The amount of insurance you should
purchase depends on the products you sell or manufacture. For example, A clothing store would have
far less risk than a small appliance store.
Commercial Property Insurance: Property insurance covers everything related to the loss and
damage of company property due to a wide-variety of events such as fire, smoke, wind and hail
storms, civil disobedience and vandalism. The definition of "property" is broad, and includes lost
income, business interruption, buildings, computers, company papers and money. Property insurance
policies come in two basic forms: (1) all-risk policies covering a wide-range of incidents and perils
except those noted in the policy; (2) peril-specific policies that cover losses from only those perils
listed in the policy. Examples of peril-specific policies include fire, flood, crime and business
interruption insurance.
3. Professional Liability Insurance: Business owners providing services should consider having
professional liability insurance (also known as errors and omissions insurance). This type of liability
coverage protects your business against malpractice, errors, and negligence in provision of services to
your customers. Depending on your profession, you may be required by your state government to
carry such a policy. For example, physicians are required to purchase malpractice insurance as a
condition of practicing in certain states.
4. Home-Based Business Insurance: Contrary to popular belief, homeowners' insurance policies do
not generally cover home-based business losses. Depending on risks to your business, you may add
riders to your homeowners' policy to cover normal business risks such as property damage. However,
homeowners' policies only go so far in covering home-based businesses and you may need to
purchase additional policies to cover other risks, such as general and professional liability.
The Evolution of Risk Management: In the current world of dwindling resources, increased competition
and rapid environmental shifts, many organizations are seeking greater returns on those resources invested in
process and technological changes. Many managers are becoming increasingly frustrated with the lack of
progress they are making to adapt to these changing conditions. Senior executives are becoming uneasy with
the quality of decision making and cite a significant body of research that indicates cognitive biases affecting
the most important strategic decisions made by even the smartest managers in the best companies.
Mergers routinely fail to deliver the expected synergies. Strategic plans are not achieved and large
investment projects are over budget and behind schedule over and over again. When surveyed, 75% of
senior managers admitted that major change initiatives had failed to achieve the results that were expected.
Further, 31% of major change initiatives are simply canceled before they are ever fully implemented. That
means nearly a third of all major changes across corporate America don’t even get fully implemented. When
one considers the costs associated with these failed efforts the numbers are staggering.

In the military environment, infrastructure changes and acquisition programs are falling further and further
behind while costs are increasing. Program managers are finding that fewer programs are meeting reliability
expectations established during the requirements development phase. Much of the lack of success in
obtaining the rewards of change is due to the inability to effectively bound the risks associated with change.
Many managers have implemented structured risk management tools and processes but have failed to
successfully balance the risk/reward equation. The leader’s actions and the culture of the organization inhibit
free thought and risk taking. The bias for risk aversion has constrained the opportunity for reward.
Without risk taking, and the prudent management of those risks….the rewards will not materialize
The techniques and tools identified above are essential in the environment of complex organizational
systems. Managers are beginning to realize that the shift from managing teams and/or projects is
significantly different from facilitating teams in the creation of process change innovation. The leadership
challenges have shifted from problem understanding and definition, direction setting, and ultimate decision
making to:
 Balancing competing forces such as overconfidence vs. insufficient confidence;

 Fostering constructive dissent;
 Establishing buy in or enthusiasm vs. reluctant obedience;
 Shaping perceptions and beliefs; and
 Learning from failure.
Risk Identification:
Definition – According to Williams and Heinz, risk identification is ―the process by which a business
systematically and continuously identifies property, liability, and personnel exposures as soon as or before
they emerge.‖

Identifying Business Risk Exposure:
Exposure of Physical Assets / Property: property insurance policies typically promise to indemnify the
insured for damage to covered property on one of two bases;
1. Replacement Cost: it is also known as re-instatement value, is the cost at the time of loss to replace
destroyed or severely damaged property with the same or like-kind new property or the cost to repair
damaged property, in each instance without deduction for any depreciation or obsolescence in
property value.
2. Actual cash value (ACV): ACV is the cost presently (not original purchase price) to replace or
repair damage property less the value of physical depreciation and obsolescence.
Types of Property Losses Exposure:
 Direct loss: it is experienced when the value of the property is directly damaged, destroyed or
disappeared on coming in contact with the peril. E.g. a building destroyed by fire or jewels stolen
from a safe.
 Indirect loss: it refers to situation where the value of property is lessened as a result of direct
damage to some other property. Eg changes in temperature
 Net income loss: it refers to the reduction in net income (revenues or expenses) of the business when
property is damaged or destroyed.
 Decrease in revenues: in may be on account of various factors;
 Loss of rent: a tenant may not be responsible to pay rent during the time property is non-tenantable.
 Interruption in operations: firms may suspend operations when assets are damaged. This can lead
to two types of losses.
a) Loss of net profit that the business would have earned if no interruption were there; and
b) Expenses that continue despite interruption.
 Increase in expenses: these may similarly be incurred when a firm has to spend extra money in the
wake of damage of property.
Types of Financial Asset Exposure:
 Credit Exposure: credit exposure is the possibility that customers who have been granted credit will
either fail to pay when payment is due, or will delay payment and take longer credit than agreed.
Failure to pay is a bad debt risk that has an impact on profits.
 Currency Exposure: it involves losses from adverse movements in foreign exchange rates, both
short term and long term
 Country Exposure:
o Political Exposure: this is the exposure of deteriorating financial conditions from
consequences of a change of govt. or political regime, or from continuing uncertainty about
what a govt. might do.
o Regulatory Exposure: this is the exposure that regulations affecting financial conditions
will be introduced, or that existing regulations will be enforced more severely than in the
past.

o Economic Exposure: this is the exposure that economic conditions within a country will
have harmful financial consequences, particularly for inflation, interest rates and foreign
exchange rates.
 Liquidity Exposure: This is refers to the possibility that the market for a security, such as a bond or
stock might be liquid, so that holders of the security could have difficulty in selling their holding
easily, should they wish to do so, at a fair price.
Exposure to Legal Liability: There are three broad classes of legal liability
 A crime is a legal wrong against society that is punishable by fines, imprisonment, or death.
 A breach of contract is another class of legal wrongs.
 A tort is a legal wrong for which the law allows a remedy in the form of money damages.
The person who is injured or harmed (called the plaintiff or claimant) by the actions of another person (called
defendant or tort teaser) can sue for damages.
Criminal Law: It involves an offense against society, such as murder, robbery, or attack. In criminal
cases, a state or central govt. brings formal charges against the accused person, who is called the defendant.
Such formal charges are known as indictments.
Civil Law: It involves lawsuits or disputes between two parties. This may include a citizen suing
another citizen.
Torts can be classified into Three Categories:
 Intentional Torts: It can arise from an intentional act or omission those results in harm or injury to
another person or damage to the person’s property.
 Absolute or Strict Liability: it means a liability is imposed regardless of negligence or fault.
Absolute liability is also referred to as strict liability. Some common situations of absolute liability
include the fallowing.
o Blasting operations that injure another person,
o Manufacturing of explosives,
o Owning wild or dangerous animals,
o Crop spraying by airplanes,
o Occupational injury and disease of employees under a worker’s compensation law.
 Negligence: It is another type of tort that can result in substantial liability. Because negligence is so
important in liability insurances, it merits special attention.
Types of Legal Liability Exposure:
 Arises from Ownership: liability may arise out of ownership, use, or possession of premises. This
implies a responsibility to keep the premises safe and to avoid any cause for public or private
trouble.
 Arises from Fiduciary Relations: liability can also arise from fiduciary relations. For e.g. a firm’s
directors hold a position of trust and are enjoyed with a duty of care and loyalty to shareholders and
other stakeholders. Failure to discharge this duty can be cause for liability.

 Employer’s liability: employer’s liability for job related injuries and diseases from a fourth source.
They are typically met by workmen’s compensation insurance.
 Arises from Manufacture: liability arises from the manufacture, distribution, and sale of products
and services by the firm.
Risk Identification: The various methods & techniques of risk identification are: -
 Preparing Checklist of risks or various losses which may arise due to risks.
 On-site Inspections and risk assessment, Financial Statement analysis.
 Flowchart preparation and identification of risky activities.
 Interaction with employees for their views about risk exposures of business based on their knowledge
and experience.
 Statistical records of occurrence of losses related to various categories of risks.
 Orientation, Risk analysis questionnaires, Exposure checklists, SWOT Analysis
 Insurance policy checklists, Flow process charts, Analysis of financial statements
 Other internal records, Inspections, Interviews, Brainstorming, Delphi Technique, Interviewing
 Root Cause Identification, Assumption Analysis, Diagramming Techniques
Common Risk Identification Methods are:
 Objective based risk identification: organization and project teams have objectives. Any event that
may endanger achieving an objective partly or completely is identified as risk.
 Scenario based risk identification: in scenario analysis different scenarios are created. The
scenarios may be alternative ways to achieve an objective, or an analysis of the interaction of forces
in, e.g. a market or battle. Any event that triggers an undesired scenario alternative is defined as risk.
 Taxonomy based risk identification: it involves a breakdown of possible risk sources. Based on the
taxonomy and knowledge of best practices, a questionnaire is complied. The answered to the
question reveals risk.
 Common risk checking: in several industries, lists with known risks are available. Each risk in the
list can be checked for application to a particular situation.
 Risk charting: This method combines the above approaches by listing resources at risk, threats to
those resources, modifying factors which may increase or decrease the risk and consequences which
are to be avoided. Alternatively, one can start with the threats and examine which resources they
would affect, or one can begin with the consequences and determine which to take into.
Risk Management Methods:
1. Loss Control: Risk control is a generic term to describe techniques for reducing the frequency or
severity of losses. It includes fallowing types.
o Risk avoidance
o Risk / loss prevention
o Risk / loss reduction
o Risk retention
o Risk transfer

2. Loss Financing: it refers to techniques that provide for the funding of losses after they occur. It
involves transferring the risk or retention of risk.
3. Internal Risk Reduction: risk reduction involves methods that reduce the severity of loss or the
likelihood of the loss from occurring. It can be avoided by taking appropriate steps for prevention of risk or
avoiding loss, such steps include adaption of safety include adaption of safety program, installation of waste
material.
Risk Analysis / Risk Assessment:
It is a process of defining and analyzing the dangers to individuals, business and government agencies posed
by potential natural and human caused ad versed events. The analysis also helps the company draft a proper
budget for a security program and its constituent security components.
If the risk is determined to be significant enough, precautions should be put into place so that the risk is
minimized or dispensed with altogether. Risk assessment is the determination of quantitative or qualitative
value of a risk related to a concrete situation and a recognized threat (also called hazard). Thus risk
assessment is a method of identifying vulnerabilities and threats, and assessing the possible damage to
determine where to implement security safeguards. Risk analysis is used to ensure the security is cost
effective, relevant, timely and responsive to threats.
Types of Risk Assessment:
1. Quantitative Risk Assessment - The single loss expectancy can be defined as the loss of value to
asset based on a single security incident. The Annualized Rate of Occurrence (ARO) is an estimate
based on the data of how often a threat would be successful in exploiting vulnerability. From this
information, the Annualized Loss Expectancy (ALE) can be calculated.
2. Qualitative risk assessment - it is used in most often, does not involve numerical probabilities or
predictions of loss. Instead, the qualitative method involved defining the various threats, determining
the extent of vulnerabilities and devising countermeasures should an attack occur.
Process of Risk Assessment: Risk assessment includes risk determination and risk evaluation. Risk
determination involves the related process of risk identification and risk estimation. There are five steps that
should be undertaken when conducting a thorough risk assessment.
Step 1: the initial step is to look for hazards. Take a tour of the workplace and check for potential
dangers concentrate on anything with the potential to cause serious harm to employees.
Step 2: the second step is to decide who might be harmed and how .
Step 3: with this step one must calculate whether there have been enough precautions put into place
to encounter the hazard.
Step 4: the next step is to record findings. Risk assessment check must show that it has dealt with all
obvious hazards.
Step 5: the final step is to review risk assessment procedures and make revisions if necessary.

Loss Frequency or Severity: Once risk exposure is identified, the loss frequency and loss severity is
estimated. Loss frequency refers to the likely number of times that a loss might occur over a period of time.
Loss severity describes the potential magnitude of losses.
Techniques of Estimating both loss Frequency and Severity:
Risk Mapping or Profiling: One such method of risk mapping sometimes referred to as risk profiling. Since
integrated risk management is based on identifying all the risks facing the firm, it is not unusual for a firm to
identify in excess of 100 risks when using this approach. Risk mapping or profiling involves arraying these
risks in a matrix, which one dimension being the frequency of event and other being the severity. Each risk is
then marked to indicate whether it is covered by insurance or not.
Statistical Concepts:
 Random variable (RV): The value of the variable determined by the outcome of a random
experiment is called random variable. E.g. 0, 1, 2… then it are called discrete random variable. If the
random variable takes value within a certain range it is called continuous random variable, e.g.
height and weight of individuals, yield of a particular crop etc…
 Probability: A probability distribution is a mutually exclusive and collectively exhaustive list of all
events that can result from a chance process and contains the probability associated with each event.
Thus, risk manager may monitor the events (losses) that occur to a fleet of automobiles to deter mine
how often losses of a particular size occur.
 Measure of Central Tendency: When risk management speaks of various measures of central
tendency, they are concerned with measuring the center of a probability distribution. Another
measure of central tendency is the median, which is the midpoint in a range of measurements. It is
the point such that half of the items are larger and half are smaller than it. Mode is the value of the
variable that occurs most often in a frequency distribution. A measure of central tendency for a risk
manager, the mode is not as widely used as the mean or median.
 Measure of Variation: The standard deviation is a number that measures how close a group of
individual measurements is to its expected value. To calculate the standard deviation of a group of
measures, one must first determine the mean or expected value. Then each individual value is
subtracted from the mean, and the resulting figure is squared. The squared differences are added
together, with the sum divided by the total number of measurements. The result is the mean of the
squared deviation, which is known as variance. The squared root of variance is the standard
deviation.
 Skewness: It measures of central tendency give us an estimate of the representative value of a series,
the measures of dispersion gives an indication of the extent to which the items cluster around or
scatter away from the central value and the skewness is a measure that refers to the extent of
symmetry or asymmetry in distribution.
 Covariance and Correlations: It measures the degree to which a pair of returns tent to, move
together. A positive covariance or correlation between two returns means that the two returns tend to
move together, when one return is above its mean, the other tends to be above its mean. A negative
covariance or correlation means that the returns tend to move in opposite directions. The covariance
is a measure of relatedness that depends on the unit of measurement.

Loss Distributions used in Risk Management: Probability distributions can be very useful tools for
evaluating the expected frequency and or severity of losses due to identified risks. In risk management, two
types of probability distribution are used; empirical and theoretical: -
There are three theoretical probability distributions used widely in risk management;
 Binomial distribution: It is the discrete probability distribution of the number of successes in a
sequence of independent yes/no experiments, each of which yields success with probability p. such a
success /failure experiment is also called a Bernoulli experiment or Bernoulli trial. In fact when n=1,
the binomial distribution is a Bernoulli distribution. The binomial distribution is the basis for the
popular binomial test of statistical significance.
 Poisson distribution: It is a discrete probability distribution that expresses the probability of a
number of events occurring in a fixed period of time if these events occur with a known average rate
and independently of the time since the last event.
 Normal distribution: the most important continuous probability distribution used in the entire field
of statistical is normal distribution. Its graph, called normal curve, is a bell-shaped that extends
indefinitely in both directions, coming closer & closer to the horizontal axis without ever reaching it.
Integrated Risk Measurement:
 Value at Risk: one approach is being used in VAR. VAR analysis has been used by banks to
quantity financial risk, but is increasingly being considered by other types of firms that wish to
assess all types of risks in a coordinated framework. VAR analysis constructs probability
distributions of the risk alone and in various combinations, to obtain estimates of the risk of loss at
various probability levels. This type of analysis yields a numerical statement of the maximum
expected loss in a specified time period and at a given probability level.
 Risks Adjusted Return on Capital (RAROC): This approach used in an enterprise wide
assessment of risk is Risks Adjusted Return on Capital (RAROC). This approach attempts to allocate
risk costs to the many different activities of the firm, such as products, projects, loans, and so on.
Risk Control: Risk control is the process of implementing measures to reduce the risk associated with a
hazard. The process of integrating findings from the risk assessment with technical , financial , policy, and
non-technical concerns of shareholders, to develop and select suitable risk control actions, and
implementation of these actions. To understand this phase better, it is important to recognize that the
opposite of risk control is when an organization experiences losses that are unplanned, sudden, and
sometimes violent or catastrophic. Implementing risk control means making a conscious decision to take
action with respect to a risk.
Risk Avoidance: It includes not performing an activity that could carry risk. For eg not buying a property or
business in order to not to take on the liability that comes with it.
Risk Prevention: It refers to measures that reduce the frequency of a particular loss. Loss prevention as its
name implies, focuses on stopping loss from happening. The foremost purpose of loss prevention is to
preserve human life. For eg if a mail order business finds that goods are being damaged in the delivery
process, it may switch to a more secure and reliable delivery service, thus eliminating property damage and
customer dissatisfaction.

Risk Reduction: It involves methods that reduce the severity of the loss of the likelihood of the loss from
occurring. In this method , the business reduce risk by taking appropriate steps for prevention of business risk
or avoiding loss, such steps include adaptation of safety programs, installation of alarm and extinguisher,
employment of night security guard, arranging for medical care and disposal of waste material, etc.
Risk Retention: It entails financing all or part of loss from company’s cash flow. Risk retention involves
accepting the loss when it occurs. It is a viable strategy for small risks where the cost of insuring against the
risk would be greater over time, than the losses sustained. It can be effectively used in a risk management
program under the fallowing conditions.
Risk Transfer: These are other risk financing techniques. Risk transfers are methods other than insurance by
which a pure risk and its potential financial consequences are transferred to another party. In other words,
under this method, a person who is subjected to risk may include another person to assume the risk. E.g. of
risk transfers include contracts, leases, and hold harmless agreements.
Perils and Hazards:
People often use the word ―risk‖ to describe a loss. Examples include hurricane risk or fraud risk. To
differentiate between loss and risk, risk management professionals prefer to use the term perils to refer to
―the causes of loss.‖ If we wish to understand risk, we must first understand the terms ―loss‖ and ―perils.‖
We will use both terms throughout this text. Both terms represent immediate causes of loss. The environment
is filled with perils such as floods, theft, death, sickness, accidents, fires, tornadoes, and lightning—or even
contaminated milk served to Chinese babies. We include a list of some perils below.
Types of Perils by Ability to Insure:

Natural Perils Human Perils
Generally Generally Difficult to Generally Generally Difficult to
Insurable Insure Insurable Insure
Windstorm Flood Theft War
Lightning Earthquake Vandalism Radioactive contamination
Natural combustion Epidemic Hunting accident Civil unrest
Heart attacks Volcanic eruption Negligence Terrorism
Frost (Ice Crystals) Fire and smoke
Global
E-commerce
Although professionals have attempted to categorize perils, doing so is difficult. We could talk about natural
versus human perils. Natural perils are those over which people have little control, such as hurricanes,
volcanoes, and lightning. Human perils, then, would include causes of loss that lie within individuals’
control, including suicide, terrorism, war, theft, defective products, environmental contamination, terrorism,
destruction of complex infrastructure, and electronic security breaches.

Though some would include losses caused by the state of the economy as human perils, many professionals
separate these into a third category labeled economic perils. Professionals also consider employee strikes,
arson for profit, and similar situations to be economic perils.
Hazards: Risk professionals refer to hazards as conditions that increase the cause of losses. Hazards may
increase the probability of losses, their frequency, their severity, or both. That is, frequency refers to the
number of losses during a specified period. Severity refers to the average dollar value of a loss per
occurrence, respectively. Professionals refer to certain conditions as being ―hazardous.‖ For example, when
summer humidity declines and temperature and wind velocity rise in heavily forested areas, the likelihood of
fire increases. Conditions are such that a forest fire could start very easily and be difficult to contain. In this
example, low humidity increases both loss probability and loss severity. Two kinds of hazards—physical and
intangible—affect the probability and severity of losses.
Physical Hazards: We refer to physical hazards as tangible environmental conditions that affect the
frequency and/or severity of loss. Examples include slippery roads, which often increase the number of auto
accidents; poorly lit stairwells, which add to the likelihood of slips and falls; and old wiring, which may
increase the likelihood of a fire.
Physical hazards that affect property include location, construction, and use. Building locations affect their
susceptibility to loss by fire, flood, earthquake, and other perils. A building located near a fire station and a
good water supply has a lower chance that it will suffer a serious loss by fire than if it is in an isolated area
with neither water nor firefighting service. Similarly, a company that has built a backup generator will have
lower likelihood of a serious financial loss in the event of a power loss hazard.
Construction affects both the probability and severity of loss. While no building is fireproof, some
construction types are less susceptible to loss from fire than others. But a building that is susceptible to one
peril is not necessarily susceptible to all. For example, a frame building is more apt to burn than a brick
building, but frame buildings may suffer less damage from an earthquake.
Use or occupancy may also create physical hazards. For example, buildings used to manufacture or store
fireworks will have greater probability of loss by fire than do office buildings. Likewise, buildings used for
dry cleaning (which uses volatile chemicals) will bear a greater physical hazard than do elementary schools.
Cars used for business purposes may be exposed to greater chance of loss than a typical family car since
businesses use vehicles more extensively and in more dangerous settings. Similarly, people have physical
characteristics that affect loss. Some of us have brittle bones, weak immune systems, or vitamin deficiencies.
Any of these characteristics could increase the probability or severity of health expenses.
Intangible Hazards:
Here we distinguish between physical hazards and intangible hazards—attitudes and nonphysical cultural
conditions can affect loss probabilities and severities of loss. Their existence may lead to physical hazards.
Traditionally, authors of insurance texts categorize these conditions as moral and morale hazards, which are
important concepts but do not cover the full range of nonphysical hazards. Even the distinction between
moral and morale hazards is fuzzy.

Moral hazards are hazards that involve behavior that can be construed as negligence or that borders on
criminality. They involve dishonesty on the part of people who take out insurance (called ―insureds‖). Risk
transfer through insurance invites moral hazard by potentially encouraging those who transfer risks to cause
losses intentionally for monetary gain. Generally, moral hazards exist when a person can gain from the
occurrence of a loss. For example, an insured that will be reimbursed for the cost of a new stereo system
following the loss of an old one has an incentive to cause loss. An insured business that is losing money may
have arson as a moral hazard. Such incentives increase loss probabilities; as the name ―moral‖ implies, moral
hazard is a breach of morality (honesty).
Morale hazards, in contrast, do not involve dishonesty. Rather, morale hazards involve attitudes of
carelessness and lack of concern. As such, morale hazards increase the chance a loss will occur or increase
the size of losses that do occur. Poor housekeeping (e.g., allowing trash to accumulate in attics or basements)
or careless cigarette smoking are examples of morale hazards that increase the probability fire losses. Often,
such lack of concern occurs because a third party (such as an insurer) is available to pay for losses. A person
or company that knows they are insured for a particular loss exposure may take less precaution to protect this
exposure than otherwise. Nothing dishonest lurks in not locking your car or in not taking adequate care to
reduce losses, so these don’t represent morality breaches. Both practices, however, increase the probability of
loss severity.
Advantage of Risk Management:
 It encourages the firm to think about its threats. In particular, risk management encourages it to
analyze risks that might otherwise be overlooked.
 In clarifying the risk, it encourages the firm to be better prepared. In other words, it helps the firm to
manage itself better.
 It lets the organization prioritize its investment and reduces internal disputes about how money
should be spent.
 It reduces manpower duplication (e.g. one manager can often oversee both quality and environment
risk).
 It reduces duplication of systems. Integration of environment and health and safety systems are one
instance.
Disadvantages of Risk Management:
 If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that
are not likely to occur.
 Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain
the risk and deal with result if the loss does in fact occur.
 Qualitative risk assessment is subjective and lacks consistency
 Prioritizing the risk management processes too highly could keep an organization form ever
completing a project or even getting started. This is especially true if other works is suspended until
the risk management process is considered complete.
********************


Risk Management - Unit 1

Uploaded by

Copyright:

Available Formats

Risk Management - Unit 1

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Risk Management - Unit 1

Uploaded by

Copyright:

Available Formats

File Downloaded From www.BUstudymate.

• The likelihood and undesirable event will occur.

Definition of Risk: ―a condition in which there exists an exposure to adversity‖

Swaminath S, Asst. Professor, Bangalore University Page 1

Differences between Risk and Uncertainty:

Swaminath S, Asst. Professor, Bangalore University Page 2

Major Personal Risks and Commercial Risks:

Swaminath S, Asst. Professor, Bangalore University Page 3

Swaminath S, Asst. Professor, Bangalore University Page 4

Nature of Risk Management:

 Scientific approach to dealing with pure risks.

Swaminath S, Asst. Professor, Bangalore University Page 5

Risks due to ownership and use of Transport vehicle:

Features of Risk Management:

 To create the right corporate policies and strategy.

Objectives of Risk Management:

 Protecting employees from accidents that might result in death or injury.

Swaminath S, Asst. Professor, Bangalore University Page 6

 Avoid risk — Change plans to circumvent the problem;

Swaminath S, Asst. Professor, Bangalore University Page 7

Risk Management Includes:

How is it done in project?

Who uses Risk Management?

How to use Risk Management?

Administration of properties of an enterprise / Provision of adequate security arrangements / Interface

Swaminath S, Asst. Professor, Bangalore University Page 8

Swaminath S, Asst. Professor, Bangalore University Page 9

 Balancing competing forces such as overconfidence vs. insufficient confidence;

Swaminath S, Asst. Professor, Bangalore University Page 10

Identifying Business Risk Exposure:

Types of Property Losses Exposure:

Types of Financial Asset Exposure:

Swaminath S, Asst. Professor, Bangalore University Page 11

Torts can be classified into Three Categories:

Types of Legal Liability Exposure:

Swaminath S, Asst. Professor, Bangalore University Page 12

Common Risk Identification Methods are:

Risk Management Methods:

Swaminath S, Asst. Professor, Bangalore University Page 13

Risk Analysis / Risk Assessment:

Types of Risk Assessment:

Swaminath S, Asst. Professor, Bangalore University Page 14

Techniques of Estimating both loss Frequency and Severity:

Swaminath S, Asst. Professor, Bangalore University Page 15

Integrated Risk Measurement:

Swaminath S, Asst. Professor, Bangalore University Page 16

Perils and Hazards:

Types of Perils by Ability to Insure:

Swaminath S, Asst. Professor, Bangalore University Page 17

Swaminath S, Asst. Professor, Bangalore University Page 18

Advantage of Risk Management:

Disadvantages of Risk Management:

Swaminath S, Asst. Professor, Bangalore University Page 19

You might also like