The Role Of Risk Management In Producing An Effective Method
Of Handling Risks In Any Organization.
By Ian Thuo.
Risk is a part of every day life,
it is at the heart of free market societies, since it creates a
chance for profits to be made. As
such it can be defined as the combination of an event
and it's
consequences.
Inverse to this is that risks can also have a down side to them,
and may destroy the very
enterprises that they help create.
It is for this pivotal reason that
it is necessary for firms to seriously have procedures
to adequately respond to the risks
that they face. The two major categories of risks
poised to an organization are;
Speculative risks- Where a
specific value of capital is knowingly put at risk in the hope
that a profit may be derived from it. E.g.
pricing decisions or marketing strategies.
Operational risks- where something
unforeseen and unpleasant happens to the organization
or it's responsibility. E.g. loss of client
information after a computer hitch.
The structured process of
responding to risk is known as risk management, and is implementable to
all types of firms, from service providers such as HMOs' to industrial
equipment production firms.
The risk
management process
The process follows a rather
similar approach, where we begin first identifying risks
that affects the earning capacity
of the firm. E.g. is there a risk that contracted health providers will fail to
maintain desired level of service? Can the regulators fail to renew our
operational licenses? Can client information leak out of the organisation to unauthorized third parties?
This
process of risk identification can be done in various ways using various tools
available
to
the risk manager.
The
identified risks will then need to be assesed and analysed, using
methodologies such as; dependency models, and hazard indices.
Such
analysis can either be qualitative or quantitative in nature. Depending on what
kind of risks we are measuring and the background knowledge of the user of this
information. Qualitative analysis is generally subjective in nature and is used
by business managers without statistical background, whereas quantitative
analysis is statistical in nature and used by the actuaries and the likes.
Having
analyzed the risks affecting our organisation it is necessary
for the risk manager to prioritise this in relation
to the risk appetite of the organisation; that is at what
point is the risk a problem to the organization, this is based on the corporate
philosophy and the type of risk.
Prioritization
of risk is also dependant on statutory and management requirements.
Once
this task has been accomplished risk control plans must be put in place to
bring either eliminate this risks completely or to bring them down to
acceptable levels. Such plans must essentially include business continuity
plans which will enable an organization manage through an exposure once it has
occurred.
Various
types of exposures will require various types of controls. Taking the example
of a health insurance provider, the various risks that it can be exposed to
will include;
Risks within the
service chain,
and the chances of that chain being broken, leading to non delivery of service.
Technological and
e-commerce risks which has been
brought about by the use of the internet to sell products across borders.
Damage risks to its physical
assets and its people.
Intellectual
asset exposures
including the leakage of organizations’ information to third parties,
reputation and brand risks.
Liability risks such as those
associated with the public, its products, employees, workplace legislation and
even professional indemnity.
Product risks is worthy of
mention on it’s own and the risks under this exposure include, quality control,
brand risks, research and development exposures and product recall.
Other exposures will include,
political risks, external environment risks, contractual risks and counter
party risks.
Various options
exist to control exposures; they can be classified into;
Retained
risks-
those risks which after analysis were seen to be better of managed within the
organization. Methods include;
Self
insurance or funding where the organization say sets up
a fund from which dental and optical claims can be financed.
Captive
insurance company; where a completely autonomous
organization or subsidiary is set up to manage its exposures. This has tax
incentives for large multinationals that can use the strengths of their balance
sheet to manage their risks.
Absorbing
the exposure
as a risk to the organization, this is best seen in the retail supermarket
where shoplifting, or stock shrinkage is a simply factored in as a loss to the
organization.
Any
financing method must be thoroughly analysed including a cost
benefit analysis. And a written plan must be prepared and implemented to ensure
that no potentially destructive risk is left unmanaged.
It
is important to note that some of the killer risks to an organization are often
without any form of insurance to protect them. Hence innovative ways must be
thought out by the risk manager of how to best handle these exposures.
Transferring
risks-this
is transferring the consequences of any exposure to a third party to whom the
organization bears no responsibility. Can be done through;
Use of contract wordings,
thereby ensuring that risks are not brought into the organization or those
risks are transferred out of the organization. It is important to however note
that in the event that the counterparty fails to meet its obligation, the risk
will inevitably fall back on the risk manager’s organization, which may
inevitably be less prepared to handle it.
Risks
can also be transferred through the insurance industry, which is
best for low frequency, high severity risk since it brings down the cost of
protection by effecting the benefits of the law of large numbers.
However
as stated earlier conventional insurance is not available for some types of
risks, especially those catastrophic in nature. This has led to the creation of
what is known as the alternative risk transfer mechanisms (ART)
such instruments transfer risks into the capital markets of the world therefore
ensuring a wider capital base against exposures.
Such
control plans should be frequently reviewed and monitored to ensure they remain
up to date and relevant.
Summary
The
brief over view shows that every organization should with the help of a
professional risk consultant, seriously conduct an in depth look at the
exposures that they carry to ensure that these don’t hinder them from
attainment of their objectives, and also to ensure that the risk are managed in
the most cost effective manner to ensure maximum value to an organization and
it’s stakeholders.
No comments:
Post a Comment