Risk is a part of
every day life, it is at the heart of free market societies, since it creates a
chance for
profits to be made. As such it can be defined as the combination of an
event
and it's
consequences. Inverse to this is that risks can
also have a down side to them,
and may destroy
the very enterprises that they help create.
It is for this
pivotal reason that it is necessary for firms to seriously have procedures
to adequately
respond to the risks that they face. The two major categories of risks
poised to an
organization are;
Speculative risks-
Where a specific value of capital is knowingly put at risk in the hope
that a profit may be derived from it. E.g.
pricing decisions or marketing strategies.
Operational risks-
where something unforeseen and unpleasant happens to the organization
or it's responsibility. E.g. loss of client
information after a computer hitch.
The structured
process of responding to risk is known as risk management, and is implementable
to all types of firms, from service providers such as HMOs' to industrial
equipment production firms.
The risk
management process
The process
follows a rather similar approach, where we begin first identifying risks
that affects the
earning capacity of the firm. E.g. is there a risk that contracted health
providers will fail to maintain desired level of service? Can the regulators
fail to renew our operational licenses? Can client information leak out of the organisation to unauthorized third parties?
This process of risk identification
can be done in various ways using various tools available
to the risk manager.
The identified risks will then need
to be assesed and analysed,
using
methodologies such as; dependency models, and hazard indices.
Such analysis can either be
qualitative or quantitative in nature. Depending on what kind of risks we are
measuring and the background knowledge of the user of this information. Qualitative analysis is generally subjective in nature and is used
by business managers without statistical background, whereas quantitative
analysis is statistical in nature and used by the actuaries and the likes.
Having analyzed the risks affecting
our organisation it is necessary for the risk
manager to prioritise this in relation to the risk
appetite of the organisation; that is at what point is the risk
a problem to the organization, this is based on the corporate philosophy and
the type of risk.
Prioritization of risk is also
dependant on statutory and management requirements.
Once this task has been
accomplished risk control plans must be put in place to bring either eliminate
this risks completely or to bring them down to acceptable levels. Such plans
must essentially include business continuity plans which will enable an
organization manage through an exposure once it has occurred.
Various types of exposures will
require various types of controls. Taking the example of a health insurance
provider, the various risks that it can be exposed to will include;
Risks
within the service chain, and the chances of that chain
being broken, leading to non delivery of service.
Technological
and e-commerce risks
which has been brought about by the use of the internet to sell products across
borders.
Damage
risks
to its physical assets and its people.
Intellectual
asset exposures including the leakage of
organizations’ information to third parties, reputation and brand risks.
Liability
risks
such as those associated with the public, its products, employees, workplace
legislation and even professional indemnity.
Product
risks
is worthy of mention on it’s own and the risks under this exposure include,
quality control, brand risks, research and development exposures and product
recall.
Other
exposures will include, political risks,
external environment risks, contractual risks and counter party risks.
Various
options exist to control exposures; they can be classified into;
Retained risks-
those risks which after analysis were seen to be better of managed within the
organization. Methods include;
Self
insurance or funding where the organization say sets up
a fund from which dental and optical claims can be financed.
Captive
insurance company; where a completely autonomous
organization or subsidiary is set up to manage its exposures. This has tax
incentives for large multinationals that can use the strengths of their balance
sheet to manage their risks.
Absorbing
the exposure as a risk to the organization,
this is best seen in the retail supermarket where shoplifting, or stock
shrinkage is a simply factored in as a loss to the organization.
Any
financing method must be thoroughly analysed
including a cost benefit analysis. And a written plan must be prepared and
implemented to ensure that no potentially destructive risk is left unmanaged.
It
is important to note that some of the killer risks to an organization are often
without any form of insurance to protect them. Hence innovative ways must be
thought out by the risk manager of how to best handle these exposures.
Transferring risks-this
is transferring the consequences of any exposure to a third party to whom the
organization bears no responsibility. Can be done through;
Use of contract wordings,
thereby ensuring that risks are not brought into the organization or those
risks are transferred out of the organization. It is important to however note
that in the event that the counterparty fails to meet its obligation, the risk
will inevitably fall back on the risk manager’s organization, which may
inevitably be less prepared to handle it.
Risks
can also be transferred through the insurance industry, which is
best for low frequency, high severity risk since it brings down the cost of
protection by effecting the benefits of the law of large numbers.
However
as stated earlier conventional insurance is not available for some types of
risks, especially those catastrophic in nature. This has led to the creation of
what is known as the alternative risk transfer mechanisms (ART)
such instruments transfer risks into the capital markets of the world therefore
ensuring a wider capital base against exposures.
Such
control plans should be frequently reviewed and monitored to ensure they remain
up to date and relevant.
Summary
The
brief over view shows that every organization should with the help of a
professional risk consultant, seriously conduct an in depth look at the
exposures that they carry to ensure that these don’t hinder them from
attainment of their objectives, and also to ensure that the risk are managed in
the most cost effective manner to ensure maximum value to an organization and
it’s stakeholders.
No comments:
Post a Comment