RISK MANAGEMENT AND

INSURANCE

Module-1
 CONTENTS
Introduction to risk management
Sources of risk-methods of handling risk-degree of risk-management of risk.
Risk management process.
Risk management by individuals and Corporations.
Understanding the cost of risk-individual risk management and the cost of risk.
Risk management and societal welfare.
INTRODUCTION

Risk is virtually anything that threatens or limits the ability of a

community or nonprofit organisation to achieve its mission.
It can be unexpected and unpredictable events such as destruction of a
building, the wiping of all your computer files, loss of funds through
theft or an injury to a member or visitor who trips on a slippery floor
and decides to sue.
Any of these or a million other things can happen, and if they do they
have the potential to damage your organisation, cost you money, or in a
worst case scenario, cause your organisation to close.
.CONTD
Risk management
Risk management is a process of thinking systematically about all possible risks,
problems or disasters before they happen and setting up procedures that will avoid
the risk, or minimise its impact, or cope with its impact.
It is basically setting up a process where you can identify the risk and set up a
strategy to control or deal with it.
It is also about making a realistic evaluation of the true level of risk.

Uncertainty
Situation where the current state of knowledge is such that the order or nature of
things is unknown, the consequences, extent, or magnitude of circumstances,
conditions, or events is unpredictable.
.CONTD
Types of Risk:
There are two different types of risk: systematic risk and unsystematic risk.

Systematic risk is volatility caused by factors in the economic system that affect all investments
resulting in either losses or gains. For example, the risk of higher oil prices is a systematic risk factor.
Higher oil prices affect transportation costs, which in turn, affects the price of almost everything else in
the economy. Higher oil prices result in losses for car rental firms, trucking firms, shipping firms, and
airlines.
They cause higher prices for food (all of which is transported from where it is grown to where it is sold
to consumers), and raw materials for manufacturers which leads to higher prices for finished goods.
Since consumers must pay higher prices for fuel, they have less money to spend on other consumer items
which produces losses for firms supplying these products. Since higher oil prices raise the prices of
everything else, and since consumption drives about 66% of the U.S. GDP, higher oil prices causes the
entire economy to slow down.
Systematic risk goes by three other names: undiversifiable risk, portfolio risk and market risk.
 .CONTD
Unsystematic risk is the variability of returns (risk) caused by factors associated with a particular

firm. Examples include the risk of bad or fraudulent management, the risk of a plant fire, a labor strike, or a
lawsuit. These risk factors are not likely to be present in all the firms in a portfolio at the same time. Some
firms will have them and some wont. An investor holding a well-diversified portfolio (investments in firms
in different industries and locations) will not be concerned with unsystematic risk. For example, consider the
quality of management. Some of the firms in a portfolio will have good managers and some will have poor
managers. The net effect on the return of the portfolio will be nil. In effect, investors can diversify away the
risk posed by bad managers. The same is true for the other factors causing unsystematic risk.

Economic

Natural

Human
BURDEN & SOURCES OF RISK
Marketplace.

Employee-related risks and

Financing risks.

Methods to Handle Business Risks

For each risk you have identified, there will be one or more strategies or courses of action available to you. The main
strategies that you will be working with are as follows:
a. Avoidance
b. Risk Control
c. Risk Transfer
d. Loss Reduction
e. Segregation of Exposures (Spread of Risk)
f. Duplication of Resources
g. Self-Retention
.CONTD
(a) Avoidance
This is the most effective risk management strategy in that, by avoiding an activity or risk, any
chance of a loss is eliminated. While it is the most effective strategy, it is also not always the most
practical choice, as every part of a school operation has some level of risk, and avoiding all risk
would mean a school (or society) could not function.
The key with Avoidance is to use it for situations where:
The activity is inherently dangerous and/or a serious injury is likely to occur.

The foreseeable risks are beyond your control;

The activity is not necessary to fulfill educational goals;

The risks are not acceptable to your organization, or

You do not wish to devote the necessary resources to manage it properly.

If the risks have been properly identified and ranked as described in Step 1, then an informed
decision can be made as to whether a risk should be avoided.
 .CONTD

(b) Risk Control

This is the process of actually managing the risk taking proactive steps to reduce the
identified risks where possible and putting steps, rules or procedures in place to
minimize the residual risk to reduce the chance of a loss or the severity of such a loss.
Classic examples of risk control are things like using protective gear for sports activities,
setting rules, and of course, supervising to ensure rules are enforced.
Risk Control is the most widely used strategy, as, when combined with the other
strategies, it enables activities or operations to take place with best safety practices or
policies/procedures in effect that address the various elements of risk inherent in the
activity or process.
In effect, Risk Control enables calculated, informed risk taking to occur where the
benefits of proceeding with an activity outweigh the much-reduced risks that are present.
.CONTD

(c) Risk Transfer

This is the proactive process of transferring unwanted risk away from your organization
to another person or organization. Risk can be transferred to another party as follows:
By law (e.g. Occupiers Liability, Joint and Several Liability, Employers Vicarious
Liability):
Through a written agreement or contract between two parties (known as Contractual
Transfer), or through a conventional insurance policy.
There are several situations where this strategy is effective:
Purchasing an insurance policy to substitute a known risk (the premium you will pay) for
an uncertain risk (will I have a million dollar loss?);
Purchasing an insurance policy to protect against liability imposed by civil law for
Occupiers Liability, Joint and Several Liability and Employers Vicarious Liability.
Someone else is using your premises/property for an activity they are in control of.

In outside person or independent contractor is performing work on your behalf.

.CONTD

(d) Loss Reduction

This is a post-loss strategy that is essentially a response plan that addresses
what will be done if a loss does occur. An effective Loss Reduction strategy
can effectively reduce the impact of a loss and can make the difference
between an inconvenience and a catastrophe.
Fire Drills and Emergency Response Plans are examples of Loss Reduction
strategies.
 .CONTD
(e) Segregation of Exposures
In essence, this strategy follows the adage dont put all your eggs in one basket. By
spreading your exposure to loss across different locations or by isolating certain risks, the
chance of a total loss is significantly reduced.
Some typical examples of segregation of exposures in a school environment include, but are
not limited to:
Not allowing combustible materials to be stored in boiler/furnace/electrical rooms;

Using steel fire-proof cabinets for storing flammable liquids;

Cash management procedures that require separate duties for employees or volunteers
regarding cash receipts and cash disbursements and audit functions;
Computer systems that can operate from different sites;

Computer back-up medium stored off-site.

 .CONTD

(f) Duplication of Resources

This strategy involves maintaining back-up facilities or having a contingency plan in place in
case an unexpected situation interrupts the normal flow of operations. While this strategy can
involve maintaining an expensive infrastructure, it is an important strategy to consider for
certain critical operations for your school board.
Some applications of this strategy include, but are not limited to:

Ensuring an adequate number of supervisors are present for school excursions or activities to
provide back-up in case of distraction, illness, injury or other emergency;
Computer facilities back-up computer data and access to alternate computer equipment that
can be used to run the boards computer systems.
Alternate suppliers of goods and services to protect against supply chain interruption (e.g.
fue, maintenance contractors, etc.)
Maintaining access to alternate teaching facilities either by contractual agreement or by
utilizing existing schools that are not in use. For example, if a fire destroyed a high school,
where would the students be sent?
.CONTD

(g) Self-Retention
This strategy is applied to manage risks that are either uninsurable due to high risk
factors, or for small, infrequent losses that can be better managed internally than by
claiming through an insurance policy (e.g. deductible level on a property insurance
policy).
Most school boards do not have many uninsurable high risks that are essential to
their business operations, so the Self-Retention strategy is most commonly applied
to supplement conventional insurance policy contracts by carrying a deductible. In
return for taking a share of the small losses by way of a deductible, school boards
are able to achieve reduced premiums on their main property insurance coverage,
saving the insurance policy for catastrophic losses, while funding the small losses
internally.
DEGREE OF RISK

Extent or level of uncertainty in a given situation the likelihood of

the actual result being different from the estimated result.
 THE RISK MANAGEMENT PROCESS

Risk Management is defined as "the systematic application of management policies,

procedures and practices to the tasks of establishing the context, identifying,
analysing, assessing, treating, monitoring and communicating".
It is an iterative process that, with each cycle, can contribute progressively to
organizational improvement by providing management with a greater insight into
risks and their impact.
Risk management can be applied to all levels of an organisation, in both the strategic
and operational contexts, to specific projects, decisions and recognized risk areas.
Risk is defined as 'the chance of something happening that will have an impact on
objectives'. It is, therefore, important to understand what the objectives of the
University, Faculty, work unit or your position, are, prior to attempting to analyse the
risks.
.CONTD
A simple process
Risk analysis is best done in a group with each member of the group having a good
understanding of the tasks and objectives of the area being analysed.
1. Identify the Risks: As a group, list the things that might inhibit your ability to
meet your objectives. You can even look at the things that would actually enhance
your ability to meet those objectives eg. a fund-raising commercial opportunity.
These are the risks that you face eg. loss of a key team member;
Prolonged IT.
Network outage.

Delayed provision of important information by another work unit/individual.

Failure to seize a commercial opportunity etc.

 .CONTD
2. Identify the Causes: Try to identify what might cause these things to occur eg. the key
team member might be disillusioned with his/her position, might be head hunted to go
elsewhere; the person upon whom you are relying for information might be very busy, going
on leave or notoriously slow in supplying such data; the supervisor required to approve the
commercial undertaking might be risk averse and need extra convincing before taking the risk
etc etc.

3. Identify the Controls: Identify all the things (Controls) that you have in place that are
aimed at reducing the Likelihood of your risks from happening in the first place and, if they
do happen, what you have in place to reduce their impact (Consequence) eg. providing a
friendly work environment for your team; multi-skill across the team to reduce the reliance on
one person; stress the need for the required information to be supplied in a timely manner;
send a reminder before the deadline; provide additional information to the supervisor before
he/she asks for it etc.
.CONTD
4. Establish your Likelihood and Consequence Descriptors, remembering that these
depend upon the context of your analysis ie. if your analysis relates to your work unit, any
financial loss or loss of a key staff member, for example, will have a greater impact on
that work unit than it will have on the University as a whole so those descriptors used for
the whole-of-University (strategic) context will generally not be appropriate for the
Faculty, other work unit or the individual eg. a loss of $300000 might be considered
Insignificant to the University, but it could very well be Catastrophic to your work unit.
You will need to establish these parameters in consultation with the Head of the work unit.

5. Establish your Risk Rating Descriptors: ie. what is meant by a Low, Moderate, High
or Extreme Risk needs to be decided upon ahead of time. Because these are more generic
in terminology though, you might find that the University's Strategic Risk Rating
Descriptors are applicable.
IDENTIFY AND ANALYZE LOSS
EXPOSURES
This is the process of determining the potential sources of loss, or hazards,
that your school board is exposed to which may result in loss or injury. This is
a critical component, as it will assist you in determining where to divert your
resources.
Risk Identification: There are several ways to identify sources of loss, but the
most common approaches are:
a. Analyze past claims experience and determine categories or types of losses
that you have had.
.CONTD
b. Analyze past incident report data to determine where minor injuries that did
not result in claims were occurring.
c. Conduct a survey of each department or operating division to determine
where potential losses can occur. Such surveys can be done professionally, or
can be completed in-house using the sample template (Figure 1). Within a
department, each activity can also be assessed using this form. Once completed,
each risk factor can be ranked Low, Medium or High and appropriate strategies
can be documented to address each one (see Risk Management Steps 2 and 3).
.CONTD
d. Site inspections can also be used to provide a visual perspective of where
your exposures are e.g. proximity to nuclear facilities, manufacturing plants,
natural hazards, isolated/remote location, high crime area, etc. Again, these
inspections can be conducted professionally or could be done in-house.
The types of risk identified by any of the above methods generally fall into the
following categories, and can be charted as illustrated in Figure 1:
ANALYZING/ASSESSING RISK:
It must be recognized that all risk elements are not equal in terms of frequency
(how often a loss will occur) and severity (how serious the loss is). Since
scarce resources cannot be devoted to address all risks equally, it is necessary
to rank or prioritize your risks into categories that can be dealt with based on
the degree of threat that is posed to the school board.
Risk can be ranked many ways, but a simple and effective method is to use
Low/Medium/High rankings, as follows (See Figure 2):
.CONTD

Low There is an identifiable risk of a loss occurring, but it is either unlikely

to occur or would not cause serious injury/damage. Some characteristics of
low risk factors include, but are not limited to: sedentary classroom activities,
low-impact exercises, walking, computer studies, reading activities, etc.

A particular event or situation may also be considered a low risk if the

likelihood of an occurrence is rare or atypical for the school environment or
location. Events such as hurricanes, earthquakes, nuclear war, radioactive fall-
out, students experiencing fatal heart attacks, etc. are considered examples low
risk as they rarely occur and, unless situations or conditions suddenly change,
would not warrant an allocation of resources to manage such risks.
 .CONTD
Medium There is a known risk associated with the activity that may cause a loss to
occur, but you can takes steps to remove or reduce the risk. Some characteristics of
medium risk factors include, but are not limited to: physical contact sports, commercial
transportation, water transportation, downhill sports (ski, toboggan, tubing, etc.), water
activities (swimming, sailing, canoeing, etc.), physical education programs, etc.

There is also a sub-class in this category called High medium, which applies to
activities where relatively few losses occur, but because of the nature of the hazards,
result in catastrophic types of losses occurring. Activities and operations under this sub-
category need to be carefully considered, and if selected, managed with more caution
than the medium risks, and includes things like wilderness excursions, rock climbing,
high ropes, canopy walks, technical studies programs, etc.
.CONTD

High The nature of the activity or the presence of obvious hazards results in
a High probability of a loss occurring with catastrophic results (high severity);
it is foreseeable that a loss will occur, and/or you have no control over the risks
that are present. Some characteristics of high risk factors include, but are not
limited to: fall heights exceeding 8 feet; severe weather conditions, high
speeds, uncontrolled/free falls or jumps, strong water currents or tidal effects,
inexperienced or unqualified supervisors and/or participants, students driving
vehicles, etc.
SELECT APPROPRIATE RISK
MANAGEMENT
TECHNIQUE/STRATEGIES
Once the risks have been identified and ranked as previously outlined, then the
selection and application of strategies can be completed. Usually, various
combinations of strategies will work together to address the identified risks, or
more information accumulates on the risk profile of an activity.
The following table provides a guide to the general application of the various
risk management strategies based on the assessed risk level Figure 3
provides an illustration of a risk map with typical examples of risk by
category and the applicable strategies:
RISK MANAGEMENT TECHNIQUES:
NONINSURANCE METHODS
Risk Avoidance

A conscious decision not to expose oneself or ones firm to a particular risk

can be said to decrease ones chance of loss to zero.
A doctor may decide to leave the practice of medicine rather than contend with
the risk of malpractice.
Risk avoidance is common particularly among those with a strong aversion to
risk. However, avoidance is not always feasible or may not even be desirable if
it is possible.
When risk is avoided, the potential benefits, as well as costs, are given up.
.CONTD
Loss Control

When particular risks cannot be avoided actions may often be taken to reduce
the losses associated with them known as loss control.
The firm or individual is still engaging in operations that give rise to particular
risks involves making conscious decisions regarding the manner in which
those activities will be conducted.
Focus of Loss Control

Some loss control measures are designed primarily to reduce loss frequency
called frequency reduction.
Some firms spend considerable funds in an effort to reduce the frequency of
injuries to its workers.
IMPLEMENT AND MONITOR THE
RISK MANAGEMENT PROGRAM
Feasibility of the retention program.
If the decision to retain losses involves advance funding.
Administrative issues may need to be considered.
If the risk is likely to result in several losses over time.
There will be administrative expenses associated with investigating and paying
for those losses.
Administrative issues are of particular concern when a firm decides to set up a
self insurance.
RISK MANAGEMENT FOR
INDIVIDUALS AND CORPORATIONS:
Over the last couple of decades, institutional risk management has become an
integral process at almost every large organization. Corporate risk managers
concern themselves not only with financial risks, but with strategic and
operational risks as well, evaluating possible future outcomes and their effect
on their organizations.
The International Standards Organization has even attempted to standardize
the process of organizational risk management, defining it as "the effect of
uncertainty on objectives." It defines risk management as "the identification,
assessment and prioritization of risks followed by coordinated and economical
application of resources to minimize, monitor and control the probability
and/or impact of unfortunate events."
 .CONTD
Most individuals, too, and their advisors are already managing risk in their
investment process, even if they don't know it. Specifically, they try to curb the risk
of suffering shortfalls when it comes time to cover future liabilities. The insurance
they buy protects them against certain rare but costly events. But saving and
investing is a type of insurance as well-essentially it's self insuring against all other
future liabilities, trying to prevent catastrophes in the future that you can't predict
and whose magnitude is uncertain.
The goal of diversification is to manage liquidity and uncertainty in the asset class
returns of a client's portfolio to cover future expenditures.
RATIONALE AND APPLICATION:
The overall purpose of the management of risk process is to help a decision-
maker understand a situation, along with the likely outcomes.
This process is in two parts:

assess the risk.

plan and control the activities to reduce the risk.
SEVERITY AND PROBABILITY
The severity of a risk, usually expressed in financial terms, is the impact the
event would have on the business whereas probability refers to the likelihood
of the event occurring at all. While the rating of risks is subjective and unique
to each business, all companies face a serious risk when high or medium
probability intersects with high or medium severity. One should take actions to
mitigate such risks as a matter of urgency.
The key objective of risk mitigation is to create a residual risk environment
that your company is comfortable with. You can reduce the severity of losing a
key individual by introducing succession planning, while the probability of
this risk can be addressed by implementing an incentive-based staff retention
plan.
UNDERSTANDING THE COST OF
RISK
Insurance the transfer of risk to a third party is an efficient method of
financing the severity of a risk. Many people consider the insurance premium
to be the total cost of risk but there are costs of risk that are not transferred
to the third party. In other words the critical components of costs of risk
include the price paid for insurance and the cost of any uninsured losses.
A companys decision to insure or retain risk is guided by the cost of insurance
relative to the perceived benefit of the protection purchased, the capacity and
appetite of the insurance market to accept the relevant risk, the ability and
capacity of the company to retain risk, and the relevance the company assigns
to the particular risk.
SOCIAL RISK MANAGEMENT
(SRM)
It is a conceptual framework developed by the World Bank, specifically its Social
Protection and Labor Sector under the leadership of Robert Holzmann, since the
end 1990s.
The objective of SRM is to extend the traditional framework of social protection
to include prevention, mitigation, and coping strategies to protect basic
livelihoods and promote risk taking. SRM focuses specifically on the poor, who
are the most vulnerable to risk and more likely to suffer in the face of economic
shocks.
Through its strategies SRM aims to reduce the vulnerability of the poor and
encourage them to participate in riskier but higher-return activities in order to
transition out of chronic poverty.