CRM - Principles of Risk Management
Speculative
Chance of loss or no loss or a chance of gain often referred to as a business risk
Pure
Chance of loss or no loss with no chance of gain
Difficult to communicate
Danger of turning areas of concern into phantom risk that may not materialize
Risk management policy statement
Defines the policy for managing risk by clarifying the risk management goals and direction. It will be 1-2 pages and aligned with the risk management mission statement. It clearly specifies responsibility, accountability, and authority, and minimizes duplication of efforts.
Operational performance
Depends on the behavior of the employees and the embedded Organizational Risk Management and creates a continuum that is constantly improving the organization's performance
Expected losses
Projection of the frequency and/or severity of losses based on loss history, probability distribution, and statistics; the expected loss projection is commonly called a loss pic or loss pick
Distinguish between different valuation methods
Property valuations are estimated and measured by the following common methodology: 1. Historical- original purchase price 2. Book value - historical cost less accumulated depreciation 3. Market value - what willing buyer will pay willing seller 4. Replacement cost - replacement of damaged property with new of same like kind and quality with applying depreciation 5. Actual cash value - the replacement cost less depreciation 6. Functional replacement- cost to replace with functionally equivalent property 7. Economic value - estimated future income stream of the property
Types of risk
Pure and speculative
Loss
Reduction in value
No common approach across organizations
Opportunities and responses differ
Risk analysis
The assessment of the potential impact of the various exposures on an organization 1. Qualitative- the what analysis 2. Quantitative- the how much
Total Cost of Risk (TCOR) definition
The sum of all costs and expenses associated with risk and the management of risk within an organization
Elements of negligence
1. A duty is owed (by plaintiffs to defendant) 2. A breach of duty 3. Causation - breach of duty must be the approximate cause of injury - unbroken chain of events 4. Damages - resulting from the injury
ERM is NOT
1. A plan to eliminate risk which is impossible 2. Focused only on compliance and disclosure requirements 3. A collage of separate policies and approaches 4. A replacement for internal controls 5. Simply having a Chief Risk Officer
How is culture formed
1. Attitude of leadership/management are expressed through behavior 2. Desired behaviors are motivated/incentivized 3. Repetition of desired behaviors creates a culture
Identify the specific types of loss data that should be collected
1. Category of loss, type of loss, property, auto, injury from product 2. Date and time of loss 3. Claimants- name date of hire, occupation 4. Loss location 5. Hazard- floor surface, noise level, weather, lack of protection 6. Cause - fall from height, collision, lifting, lightning 7. Type of injury/damage- sprain/strain, laceration, disease, water damage, auto physical damage 8. Body part 9. Management- supervisor or team leader
Four requirements of an enforceable contract
1. Competent parties 2. Agreement or assent 3. Legal consideration - exchange of value 4. Legal purpose
Identify the characteristics of credible loss data
1. Completeness- complete enough detailed info 2. Consistency- same type of data, policy period, same recording methodology, and same definition for types of injuries 3. Integrity- reliability and accuracy of data that is current and accurate 4. Relevance- use only data that is relevant to the analysis
Steps to measure impact of loss on sales or revenue
1. Determine the profit margin of the organization 2. Divide the loss cost by the profit margin. The result is the sales/revenue required to pay for the loss. Example: If a company wants a 3% profit margin and the loss cost is $10,000, we would need $333,000 in sales/revenue to pay for the loss.
Steps to measure the impact of a loss on sales and revenue
1. Determine the profit margin of the organization 2. Divide the loss cost by the profit margin. The result is the sales/revenue required to pay for the loss
Risk taking appetite and ability are considered when
1. Developing policy and procedures 2. Elements of insurance program are being reviewed 3. Starting a new venture, product or service 4. Restructuring the organization 5. Evaluating a merger or acquisition 6. Facing critical events and substantial losses
Types of emerging risks
1. Economic risks 2. Environmental risks 3. Technological risks 4. Societal Risks 5. Geopolitical risks
Liability
1. Exposure A. Premises and operations B. Advertising and communication C. Product and completed operations D. Statutory compliance 2. Perils A. Slip and falls B. Libel, slander, false imprisonment C. Product malfunction D. Unknowing transmission of computer virus 3. Hazards A. Poor housekeeping B. Poor quality control C. Failure to enforce or inadequate policies
Net income
1. Exposures A. Investment activities B. Market conditions and fluctuations C. International business interests D. Decreased revenue &/or increased expenses 2. Perils A. Loss of primary suppliers, primary customers B. Weather (no property damage) C. Impact of governmental action 3. Hazards A. Poor product positioning B. Overextension of credit or excessive borrowing C. Inadequate research and development D. Imprudent investment activities
Human Resources
1. Exposures A. Owners, officers, senior management B. Employees C. Independent contractors, leased, borrowed and temporary employees D. Clients, suppliers, vendors 2. Perils A. Death B. Disability C. Illness or injury D. Resignation, termination and retirement 3. Hazards A. Non adherence to safety practices B. Poor morale, poor performance, or natural aging process C. Workplace violence
Property
1. Exposures A. Real property - building and structures - land - golf courses, landscaping B. Personal property - cash and securities - records and documents - inventory - mobile equipment - furnishings, equipment and supplies - computer system, hardware, software, databases C. Intellectual property - copyright and patents - trademarks, trade names - licenses and franchises - leases and leasehold interest 2. Perils (causes of loss) A. Windstorm B. Theft C. Infringement on intellectual property 3. Hazards A. Faulty wiring B. Nature of the operations C. Lack of security D. Poor housekeeping
Common elements of emerging risk
1. High uncertainty 2. Difficulty to quantify 3. Difficult to communicate 4. Regulatory involvement 5. No common approach across organization
Describe the benefits of implementing an ERM (Enterprise Risk Management) program
1. Identifies threats and opportunities related to an organization's strategic plan, objective and Total Cost of Risk 2. Closely links the organization's business, operational, and strategic objectives to the practice of risk management 3. Uses performance metrics to drive improvement in decision making 4. Provides a common language for communication about risk and opportunities 5. Enhances management of activities and their associated risk 6. Safeguards the organization's brand and reputation 7. Allows organization to capitalize on opportunities to increase shareholder value
Explain why loss data must be collected and analyzed
1. Identify the causes of loss frequency and severity 2. Identify trends in loss experience and to forecast losses 3. To compare and benchmark 4. To focus senior management's attention on the organization's total cost of risk 5. To assist with cost/benefit analysis of loss control initiatives 6. To establish an insurance program 7. To establish methods of evaluating the performance of: - management of operating units and cost center - vendors - in-house claims adjuster - employee safety incentive program
Identify the characteristics of flowcharts
1. Illustrates interdependency within an organization 2. Pinpoints bottlenecks or choke points 3. Does not indicate frequency or severity 4. Does not show minor process with major loss potential 5. Limited applicability to liability exposures
Components of TCOR
1. Insurance costs (premiums, letters of credit, security deposit) 2. Retained losses and associated loss adjustment expenses A. Active: deductibles and SIRs B. Passive: unidentified exposures - ones we miss 3. Risk management departmental costs A. Salary and employee benefits B. Risk management information system (RMIS) C. Administrative expenses - training and travel D. Management overhead - corporate allocations 4. Outside service fees A. Fee for service - insurance brokers B. Third party administrators and other vendors C. Consultants D. Loss control E. Actuarial F. Legal 5. Indirect costs - some can be measured and some not A. Disruption in production/sales B. Management time spent on loss related activities C. Overtime costs D. Hiring and replacement costs E. Lost opportunity cost F. Loss of organizational value G. Social costs - public image, reputation
Total Cost Of Risk TCOR is used as risk management tool to assist with:
1. Making effective risk management decisions by measuring progress toward risk management objectives 2. Establishing responsibility and accountability in the workplace, providing management and employees incentives 3. Effective management of financial budgets and pricing of products and services 4. Promoting and focusing on safety and loss control by communicating the financial impact of a loss on the TCOR and sales and revenue
Total Cost Of Risk (TCOR) is used as a key risk management tool to assist with:
1. Making effective risk management decisions by measuring progress toward risk management objectives 2. Establishing responsibility and accountability in the workplace, providing management and employees with incentives 3. Effective management of financial budgets and pricing of products and services 4. Promoting and focusing on safety and loss control by communicating the financial impact of a loss on the TCOR and sales/revenue
Risks can be grouped into four broad categories
1. Operational- risk related to an organization's processes and management activities (speculative) 2. Financial- risk related to organization financial activities 3. Hazard- risks typically covered by insurance (pure) 4. Strategic - risk related to an organization's strategic plan and its mission (speculative)
Describe four logical classification of loss exposures
1. Property - tangible and intangible 2. Liability - premises and operations, advertising, products and completed operations 3. Human Resources- employee, clients, vendors 4. Net income- investments and market fluctuations
Five steps of risk management
1. Risk identification 2. Risk analysis- impact of exposure on organization 3. Risk control - minimize the probability, frequency, severity, or unpredictability of a loss 4. Risk financing- acquisition of funds to pay for loss 5. Risk administration- ongoing implementation and monitoring of risk management process
Explain the obstacles to Enterprise Risk Management (ERM) implementation
A. Lack of support from senior management B. Difficult to invest capital in the risk management program C. Showing return on investment D. Skills required to implement - leadership & facilitation skills - creative approach to problem solving - cross functional view E. Risk is viewed negatively so need to expand to include upside can be difficult F. Perception of risk versus reality - look at the implications from all angles G. ERM limitations - human judgement and decision can be faulty - cost benefits and control measures must be considered - controls can be circumvented/ignored - Management has ability to override decisions
Identify the characteristics of surveys and checklists
1. Standardized 2. Can be used by non risk management personnel with minimal training 3. Cannot cover all areas of operations 4. May not identify new exposure or emerging risk 5. Does not reflect severity of exposure 6. Does not prioritize exposures
The speed of emergence can be affected by many factors
1. Technology and scientific advances 2. Economic circumstances 3. Social aspect
Importance of risk taking appetite and ability in risk management program
1. The willingness to accept or tolerate risk without the financial capacity is an empty promise 2. The financial capacity to retain risk without the willingness is unrealized opportunity
Characteristics of an effective ORC
1. Tone at the top- leadership clarity of direction and attitude toward risk 2. Corporate governance- clear responsibility of risk management, transparency and timeliness of risk information 3. Decision making- well informed decisions regarding risk and performance evaluations encourage good risk management 4. Authority & accountability- embedding risk management abilities and responsibilities within the organization
Environmental risk
A. Natural disasters- volcanic eruption, earthquakes, severe flooding, hurricanes B. Climate change - threat of increasing volatile weather conditions, financial impact on markets, resources, personnel, and organizational preparedness, increasing legal or regulatory pressures, mounting public and shareholder activism
Societal risk
A. Pandemic illness- disease occurring over wide geographical area and affecting large portion of population B. Food and water supply - availability of sufficient quantities of food and water in certain parts of world causing political and social unrest C. Rising medical costs
Enterprise risk management ERM
A cross functional view of risk affecting all areas of the organization. ERM embraces speculative risks. ERM is ongoing process of the entire organization and is used in strategic decision making process at every level of the organization. ERM is focused on entity-wide view of risk and is supportive of strategic objectives and goals.
Claim
A demand or obligation for payment as a result of a loss
Organizational Risk Culture defined
A set of understandings, knowledge, beliefs, values and habits toward risk that characterize a human group (organization) in search of a common purpose.
Why having an effective Organizational Risk Culture (ORC) matters
A. Compliance B. Operational performance C. Risk management effectiveness D. Characteristics of effective ORC
Technological risk
A. Cyber attacks - website defacement, cyber extortion B. Breaches of privacy- theft or manipulation of private or sensitive information or trade secrets C. Speed of communication - defamation blogging and tweeting affect operations and reputation D. Unauthorized access to or disclosure of client financial and/or personal identifying information E. E-commerce and dependence on technology - network outages, computer failure
General classes of risk
A. Economic B. Legal C. Political D. Social E. Physical F. Judicial G. Technological risks
Impact of an effective risk management program on an organization
A. Raises awareness of the importance of risk management B. Supports managerial objectives 1. Improves planning and budgeting 2. Reduces frequency and severity of incidents, accidents, losses and claims 3. Projects future losses 4. Increases awareness of indirect losses C. Improves morale and productivity among the work force D. Improves quality, processes and technology E. Increases profitability- reduce costs or increase revenue 1. Reduces claims management and legal costs 2. Optimizes cost of risk 3. Protects cash flow, assets and financial statements F. Protects the organization reputation and brand
Governing documents are:
A. Risk management mission statement B. Risk management policy statement C. Risk management procedures manual
Explain the requirements of Enterprise Risk Management (ERM) implementation
A. Support of senior management B. An implementation leader and dedicated cross-functional committees C. An ERM risk assessment D. A common language regarding risk E. An established framework
Economic risks
A. Weak international economies affecting currency values, purchasing power and trade, currency devaluation B. Insolvency of partners or suppliers or single source dependency affecting supply chain C. Credit insurance for emerging markets
Regulatory involvement
Absence of industry response often leads to regulatory involvement
High uncertainty
Absence of reliable information; frequency or severity is difficult to predict
Occurrence
An accident that extends over a period of time rather than a single observable happening
Accident
An unplanned event that results in BI or PD
Purpose of the Governing documents of risk management
Are designed to inform employees, vendors and service providers of the purpose and objectives of the risk management function of the organization
Explain why risk identification is the most important step in the risk management process
Because an exposure must be identified before it can be effectively analyzed, controlled or financed
Hazard
Condition or circumstance that may give rise to a loss from a given peril; physical, moral, or morale
Technology and scientific advancements
Discovery of new threats, proof of cause/effect relationships, improved methods of measuring and detecting risks
Statutes
Enactment of legislative and administrative bodies that impose certain responsibilities for certain actions or omissions - municipal codes, ordinances, financial responsibility laws (auto)
Compliance
Ensures the proper alignment between risk management policies and the Organizational Risk Culture (ORC) and guides the organization to improvement and reinforcement of the positive aspects of ORC
Incident
Event that disrupts normal activities and may become a loss, claim, or business interruption
Risk management terms
Exposure Loss Hazard Peril Incident Accident Occurrence Claim Frequency Severity Expected loss
Geopolitical risks
Global threats to safety and security impact domestic and international financial markets creating emotional and financial drains on economies and citizens
Indirect costs
Hidden and difficult to quantify such as: - lost production and productivity - loss of market share - employee overtime - hiring and training of replacements - lost opportunity - damage to reputation
Economic circumstances
Higher concentration of values, stability of local and global economics, lack of risk financing or transfer options
Risk taking appetite
Is the organization's willingness to accept or tolerate risk 1. Internal factors - past experience with risk taking - organizational objectives- profitability, reputation, market share - stage in organizational life cycle - financial status - assets, income, cash flow 2. External factors - market position - competition - need to take risk - new markets, products, services - public image - stakeholders perception of risk - availability of risk transfer alternatives
Explain the upside of risk
It is understanding and taking advantage of potential rewards like: - currency leveraging against exchange rates - acquisition of resources at favorable prices - purchasing future stock - locking in interest rates on loans - speculative purchasing of land - expansion into new products, services, markets
TCOR =
Insurance costs + retained losses + risk management dept costs + outside service fees + indirect costs
Tort
Is a private or civil wrong, other than breach of contract, that a court will allow action for damages. They can be: 1. Intentional - slander, assault, discrimination, false detention 2. Unintentional - unintended accidents due to negligence 3. Strict liability - is directed by law without regard to intention of the offender - keeping wild animals, alcohol sales, hazardous/dangerous activities
Risk taking ability
Is based on the organization's financial capacity to retain risk. It takes into consideration the frequency and severity of losses, predictability of losses, and financials- cash flow, income levels, profit margin
Strict liability
Is directed by law (statutes and common) without regard to the intention of the offender's action. Shifts the burden of truth. Ex: keeping wild animals, engaging in hazardous activities- construction, blasting, selling alcohol to minors
Risk management procedures manual
Its purpose is to communicate management's support for the risk management program, establish level of performance and cooperation, and familiarize personnel with procedures to effectively manage risk. It is a how-to guide for job safety and reporting procedures for incidents and accidents. It can be very lengthy since it will contain safety and loss control info, guidelines for claims management, investigation, and reporting, OSHA requirements, return to work program, crisis management, business continuity plan, and litigation management.
Risk management definition
Managing and minimizing the uncertainty of exposures that can adversely affect an organization's assets and financial statements
Regulatory liability exposures
1. Mandatory compliance - licensing, OSHA, EPA 2. Voluntary regulations - rules created by professional, trade, and other organizations to internally govern their members - code of conduct, professional standards
Risk control
Minimizing the probability, frequency, severity, or unpredictability of a loss. 1. General theories of risk control A. Human approach- people cause accidents B. Engineering approach- things and pent up energy cause accidents C. Systems approach- internal systems failure and weaknesses cause accidents 2. Techniques of risk control A. Avoidance B. Prevention C. Reduction D. Segregation/separation/duplication E. Transfer - contractual, physical or both
Emerging risk
New exposures to loss for which risk treatment has not been implemented and existing exposures that are evolving and are difficult to quantify and may have major financial impact on company.
Difficult to quantify
Severity is difficult to forecast; risk transfer and conventional financing techniques may not be suitable for exposure.
Exposure
Situation, practice, or condition that may lead to an adverse financial consequence
Risk management mission statement
States the overall goal of the risk management program and guides the action and decision making of the risk manager. It is short, clear, and concise and is aligned with the organization mission statement. It includes the priorities of the risk management program
Compare traditional risk management (TRM) with Enterprise Risk Management (ERM)
TRM is a functional, siloed view of risk affecting one or more areas of the organization. ERM is a cross-functional view of risk affecting all areas of the organization.
Risk management effectiveness
The ORC (risk organizational management) - affects behaviors relative to risk - affects risk appetite and tolerance - affects people's perception about the acceptability of certain behaviors - directly affects risk retention policy
Risk financing
The acquisition of internal and external funds at the most favorable cost to pay losses 1. Retention- internal funds used to pay losses A. Active - deductibles and SIR B. Passive - unplanned 2. Transfer of financial responsibility- external funds used to pay losses A. Non-insurance contractual transfer of control or responsibility for an exposure B. Non-insurance contractual indemnification or financial responsibility 3. Insurance - equitable financing of risk in exchange for payment of premium
Peril
The cause of loss
Severity
The dollar amount of a given loss or the aggregate dollar amount of all losses for a given period
Negligence
The failure to exercise a degree of care that a reasonable and prudent person would exercise
Contracts
The law of contract governs the performance of a promise between parties
Explain the basis for liability including tort, contract, and statutory concepts.
The loss cannot be measured before a loss. You must know 1. The circumstances of the event 2. The nature and severity of the damage or injury 3. Degree of fault by one or more parties 4. Applicable law 5. Judge and jury decision
Frequency
The number of losses occurring in a given time period
Risk administration
The ongoing implementation and monitoring of the risk management process
Risk identification
The process of identifying and examining the exposures of an organization
Risk
The uncertainty of a positive or negative outcome arising out of circumstance
Identify the purpose of flowcharts
To graphically and sequentially depict the activities of a particular operation or process to identify exposures, perils, and hazards
Identify the purpose of checklist and surveys
To systematically identify as many exposures, perils and hazards as possible using a list. Used as a guide to gather information that results in exposure identification in an orderly and organized manner
Loss data analysis defined
Using loss data to identify and understand the potential impact those losses have on the organization's risk management program and the total cost of risk.
How to implement an effective risk management program
With support and commitment from senior management 1. Communicate frequently about Risk management throughout organization and to third party service providers 2. Communicate frequently the goals and objectives to the risk management team 3. Continually reinforce the organization commitment to risk management 4. Involve all levels of the organization - managers, supervisors, and all other employees