Introduction to Risk Management

The term risk is usually associated with unpleasant events. In Insurance parlance, Risk means the ‘Uncertainty of a financial Loss’. The different physical features that exist are called Hazards. They contribute to the happening of peril. Physical hazards increase the probability of a peril occurring. When the peril does occur it brings about loss or damage to the building, plant and machinery, stocks, etc. This loss is measured in terms of money and when the same is brought about by an insured peril, it will be compensated by the Insurer. Thus, Risk is the uncertainty of a financial loss by perils, and the probability of occurrence is increased by physical hazards.


Corporate Objectives and Risk Management :

The real objective of Risk Management is to reduce fear of the unknown and unexpected events and to create confidence in the future. In its broadest terms, Risk Management is concerned with the planning, arranging and controlling of activities and resources in order to minimize the impact of uncertain events. Every trade has certain hidden risks which may be called ‘Organizational Risks’.


These risks affect the profitability of the business and can be divided into following parts-

Business Risks:

which may be further divided into Financial, marketing and political risk, personal and reputation risk.

  • Financial Risks such as risks relating to currency, securities and commodities, interest rate, credit, mergers and acquisitions etc.
  • Marketing and Distribution Risks which may arise due to launching of new, improved products or undercutting of prices by competitors, change in consumer tastes, adverse changes in economic conditions at home/abroad, poor service standards, procurement related issues, spurious products etc.
  • Political Risks such as war, social risks, terrorism, changes in exchange control regulations/tariffs etc.
  • Personnel Risks which may arise due to infidelity of employees, loss of Key Man due to death/injury, cyber security issues, etc.
  • Reputation Risks such as libel, slander, bad publicity, mis-selling, fraud, scandals, media and regulatory intervention etc.

Operational Risks:

which may be arise due to various physical factors, administrative failures, inadequate systems and/or defective control mechanisms, leading to inventory losses, injury to employees, physical loss/damage to property, consequential losses etc.

Legal Risks:

Legal Risks arising out of contractual liability, public liability, statutory liability, pollution liability, Product liability, employers liability, Directors and Officers liability, etc.

Environmental Risks:

Environmental Risks arising out of natural calamities or changes in the social/ cultural/ legal and statutory environment.


Risk Management may, therefore, be defined as “the management of pure or non-speculative risks to which the assets, personnel and income of a business are exposed”. Risk Management is a function which is concerned with the protection of corporate assets /earnings against the operation of fortuitous events. It is the discipline which ensures that the profit or assets of the organization are not unduly impaired by the operation of any risk. The risk manager’s basic job is to “ensure financial sufficiency of the firm against the consequences of different types of risks at the lowest possible cost’. All Business firms must have well defined Objectives/Goals. One of the major objectives is the ‘Maximization of Profits’. Other important goals are maximization of the rate of return on investments, high productivity, stability of financial results, economic growth and expansion etc. Risk Management policies and strategies will have to be decided in the overall context of Organizational Culture and especially in the light of the Corporate Objectives. Just as cutting the costs of raw material or labor or overheads adds to profits, reducing the cost of accidental losses also adds to the profits. Indirectly, effective Risk Management also contributes to increase in revenue. Thus, the role of the risk manager assumes great significance. The cost of accidental losses and the uncertainty regarding such losses may act as a deterrent to management to commit capital to otherwise potentially profitable new ventures. The size of loss which a company/firm can tolerate without financial embarrassment will depend upon its cash flow, profitability, liquidity, capital reserves and assets which could be used to finance losses. This is called the concept of Downside Risk and this risk is measured in terms of the probability of an actual loss exceeding that tolerable size. Therefore, in considering its risks a company should pay regards to the following four important factors:-

  • The probability of a loss producing event occurring
  • The severity of the loss
  • The size of loss it can tolerate and
  • The potential degree of variation in actual outcomes from expected outcomes.

Risk Management Policy and Procedures


Risk Management Policy:

Risk Management activities must have the support of the Top Management and the cooperation of all the related departments in order to be successful because the objectives of Risk Management are the protection of the Company's assets and earnings against loss, including protection against legal liabilities, at minimum cost.

Risk Management Procedure:

The Risk Management Process can be broken down into three elements which follow a logical sequence. They are as follows-

  • Risk Analysis
  • Risk Control
  • Risk Financing

Risk Analysis:

Risk Analysis is a TWO-STEP Process comprising of Risk Identification & Risk Evaluation

Risk Identification:

Risk Identification provides the foundation for the Risk Management exercise. Any failure at this stage will result in uncovered /unprotected exposures and a major loss/liability may lead to a severe financial crisis or even bankruptcy. Risk Identification requires a knowledge of the organization, the market in which it operates, the legal, social, economic, political and climatic environment in which it does its business, its financial strength and weaknesses, its vulnerability to unplanned losses, the raw material, finished products, the manufacturing process and the management systems, plant and premises, suppliers and customers, methods of distribution and business mechanism by which it operates In short, risk identification helps in identifying what could go wrong that could impact the business significantly.

Risk Evaluation :

which is the next step, consists of the assessment of Probability of a loss occurring along with it's Severity. Any business organization must possess deep knowledge of the risks to which its assets and Personnel are exposed and the liabilities arising out of the manufacture and sale of its products. It must also possess information regarding values at risk or potential liabilities and the estimated size and frequency of losses including losses caused by any interruption to its business. Risk evaluation serves two important purposes. It helps to evaluate the loss potential due to the perils identified and decide upon the Risk Control measures to be adopted. It also involves information regarding values at risk or potential liabilities, and the estimated frequency of losses of differing size, including business interruption losses. Only with such information will it be possible to judge the cost-effectiveness of the various Risk Reduction measures and deciding whether a particular risk should be retained or should be insured and at what price.

Risk Control:

Risk Control is the second element in the Risk Management process which covers all those measures which are aimed at avoiding, eliminating or reducing the chances of loss-producing events occurring, or limiting the severity of the losses, if at all they arise. Here, one is seeking to change the conditions that bring about the loss-producing event in order to ensure that the event does not occur or in case it does occur, to reduce its severity. The techniques of Risk Avoidance, Risk Prevention and Risk Minimization discussed below form the ambit of Risk Control and require a great deal of technical expertise and knowledge about the products, processes and preventive/protective measures. The control of pure risks is achieved by the following measures- Risk Control covers all those measures aimed at avoiding, eliminating or reducing the chances of loss producing events occurring or eliminating the severity of the losses that could happen. Broadly, Risk Control measures include-

  • Technical loss prevention devices
  • Planning and preparation of back-up production facilities
  • Emergency planning
  • Removal of structural weakness (e.g. elimination of bottlenecks).
  • Implementing loss minimization procedures and installation of devices to prevent/minimize losses.


Risk control involves the use of one or more of the different Risk Management tools like - Risk Avoidance, Risk Prevention or Risk Minimization/Reduction.

Risk Financing:

Risk financing determines when and by whom loss costs are borne. Risk Financing includes the following alternatives.

  • Risk Retention & Self insurance
  • Risk transfer & Insurance
Risk Retention & Self Insurance: :

Risk retention means that the consequences of a loss will be borne by the party exposed to the loss. Often risk assumption is a deliberate risk management decision. That is, the assumption of the risk is undertaken with the full understanding of the consequences of the potential loss. Sometimes, however risk is assumed because the potential loss was not identified before it occurred. Business firms assume risks when loss costs are small and can be funded from current cash flow or from reserve/contingency fund. The risks of low severity and low frequency may be retained by the business enterprise by internal financing by way of-

  • Charging of losses to operating costs as they occur
  • Formation and operation of internal contingency funds
  • Formation and operation of captive insurance companies

As regards the risks of low severity and high frequency, a cost benefit analysis of the risk control measures is necessary before implementing the Risk Retention Programme. Normally, by implementing the appropriate Risk Prevention/Minimization Programme, the frequency of losses will come down and such losses can be retained. Contingency funds are normally created to manage losses that are too large and unpredictable in occurrence. It must be kept in mind that payments into an internal contingency fund, unlike insurance premiums, are not tax deductible and since contingency fund needs to be kept in readily realizable assets, the transfer of a capital sum to a fund means foregoing other adventures which could have been financed by those reserves. Therefore, the amount that an Organization will be willing to set aside to establish a contingency fund will depend upon the size of its existing liquid reserves, the returns it can expect from alternative uses and the annual net cash flow--i.e. the surplus of earnings over expenses.

Risk Transfer & Insurance :

From the Risk Manager’s view point, insurance represents a contractual transfer of risk. From society’s view point, insurance is more than mere risk transfer; it is risk reduction because the pooling of numerous risks allows better loss predictability. Insurance is an especially appropriate risk management tool when the probability of loss is low and the severity is high. Many situations facing both business firms and individuals meet these two criteria, and thus insurance is widely purchased.

The primary objective of Risk Financing is to spread more evenly over time the cost of risks in order to reduce the financial strain and possible insolvency which the random occurrence of large losses may cause. The secondary objective is to minimize Risk Costs. Essentially, an Organization can finance its Risk Costs in three ways:

  • losses may be charged as they occur, to Current Operating costs OR
  • ex ante provision may be made for losses, either through the purchase of Insurance or by building up a Contingency Fund to which losses can be charged OR
  • when losses occur, they may be financed by loans which are repaid over the next few months or years

The probability and severity of possible losses play an important role in the structuring of a Risk Financing programme. It is axiomatic that in practice, High Severity of Loss generally goes hand-inhand with relatively Low Probability, and vice-versa. Similarly, Risk Avoidance and Risk Reduction decisions have financial implications and should be taken only after examining the financial costs and benefits. Expenditure on Risk Reduction measures and Risk Transfer by way of Insurance will initially reduce the Organization’s net worth but provided the measures produce an expected net benefit over a period of time, the ultimate result would be to raise the net worth and show consistent growth over a period of time. The benefit of Insurance is that it converts uncertainty to certainty, because by payment of a definite amount of premium the Organization can transfer the financial cost of uncertain loss-producing events, which may seriously affect the Business, to the Insurer.

Overall Summary of the Risk Management Process:

The integrated Risk Management exercise will comprise the following activities-

  • Identification and Evaluation of Risk Exposures- The Risk Manager will conduct the Risk Identification and Evaluation exercise with the active involvement of the concerned departments.
  • Determination of Insurable Amounts--Valuation of assets like Building/ Plant & Machinery and decision to insure on RIV or Market Value basis, selection of Standing Charges and Indemnity period for Fire/ MB Consequential Loss Policy, Basis of Valuation for Marine Insurance, AOA/AOY limits under Public/ Product liability policies, amount of coverage and Sum Insured under P.A./MEDICLAIM policies etc.
  • Selection of the appropriate Risk Management Technique or combination thereof-Depending upon the solvency position, liquidity, working capital, long-range capital fund requirements and a thorough cost-benefit exercise, the Organization can decide to combine the Risk Management techniques. As a thumb rule the company may retain the risk if-
    • the probable maximum loss is small and can be met from the earnings
    • the probable maximum loss is small in relation to the insurance premium required and there is a wide
    • spread of risk
    • deductions are possible, having considered the PML and the discount allowed on insurance premiums
    • funds/reserves can be relied upon to make good the loss


The Company may decide to insure those risks -

  • which are Catastrophic in nature or where the severity of loss is high and may cause undue strain on the company funds
  • where the probable maximum loss is too large for the company to bear
  • Where the services provided by insurers make insurance an economically and commercially viable proposition. Such services may relate to Risk Inspections, accident prevention, premium discounts for implementing loss prevention measures and opting for voluntary deductibles etc.


Any Insurance programme has to be continuously monitored as to the renewal dates, adequacy of coverage, acquisition of new assets, introduction of new products etc. A constant watch is also required to ensure that the valuation of Building/Plant & Machinery reflects the current prices in the market. Here as a general rule it may be kept in mind that as the assets become older, it is advisable to shift from Market Value insurance to Reinstatement/ Replacement Value insurance to nullify the financial implications of the huge depreciation which will be applicable if any claim arises.

Risk Review :

After the potential sources of loss have been identified and plans to deal with them Implemented the Risk Manager must review the programme regularly to be sure that it meets current needs. A periodic Review of the Risk Management programme in the light of experience relating to losses/liabilities will help the Organization to reorient their strategies and ensure that they are buying maximum protection at minimum cost at any point of time since the purpose of Risk Management purpose is to achieve maximum protection against risk exposure at minimum Cost.