Risk management and insurance

Part-I
Chapter-Two
The Risk Management Process
Chapter objective:
Dear students! After completing this chapter, you should be
able to:
o Define risk management and identify its difference
from insurance management.
o Explain the basic objectives of risk management
o List and explain the steps in risk management process

2.1. Risk Management an overview

Dear friends, I hope you come to understood that, risk is

becoming danger as the environment of businesses today is
becoming more complex. For example, advanced technology has
brought about very complex new products and huge
concentrations of values in a single product, such as the
supersonic airplane disaster. Therefore, we should give
special attention to risk.

The complexity of the business environment calls for or

demands for a special attention to a risk the special task
to Identify, analyze and Combat the operating risks.

Some of the factors, which increase the complexity of

environment, are: Inflation, growth of internal operation,
more complex technology and increasing government
regulation. Hence, most large organization and many smaller
ones employ specialized personnel in the field to deal with
or to handle the problems of increased risk. Even though
separate manager is not hired someone in organization; for
instance the owner and /or may be accountant of the
organization grapples all the problem of risk. These

Ambo University 26
Risk management and insurance

individuals who are responsible for the entire program of

risk management (of which insurance buying is only a part)
are risk managers or insurance managers. These terms (risk
manager and insurance manager) are often used
interchangeably.

Risk management is defined as a systematic process of

identifying and evaluating pure loss exposure faced by
organization or individual for selection and implementation
of most appropriate techniques for treating such exposures.

? What do you grasp from the above definition? Good! I

hope you understood as stated hereunder.
Risk management is scientific approach to deal with pure
risk. It involves anticipation of possible accidental losses
designing and implementation of procedures that:
 Minimize the occurrence of loss
 Minimize financial impact of loss if they do occur.
As a general rule, the risk manager is concerned only with
the management of pure risk (insurable and non insurable)
not speculative risk. Therefore, risk management is the
identification and measurement and treatment of property,
liability and personal pure risk exposures.

Dear student somewhere above we have mentioned some

organization use the risk manager and other still use the
insurance manager to indicate the employees responsible to
grapple all the problem of risk. But, are the risk
management and insurance management really meant the same
thing? No! Let’s look at the following phrases.
Risk management is broader than insurance management in that
it deals with both insurable and uninsurable risks.

Ambo University 27
Risk management and insurance

Insurance management for most part it is restricted to the

area of those risks that are considered to be insurable.

Risk management also differs from insurance management in

philosophy. Insurance management includes the use of
techniques other than insurance (for example, non-insurance
or retention, as an alternative to insurance) but insurance
for most part is restricted to the area of those risks that
are considered to be insurable.

The emphasis in the risk management concept is on reducing

the cost of safe- guarding against risk by whatever means.
In the risk management philosophy; it is insurance that must
be justified.

Activity 2.1.
1. Define risk management; and how does the risk management
differ from insurance management?
____________________________________________________________
__________________________________________________________

2.2. Objectives of risk management

The first step in risk management process is the
determination of the objectives of risk management program.
i.e precisely deciding what the organization expects its
risk management program to do. If this step is overlooked,
it results in the whole risk management program to become
ineffective than it could be. In the absence of the coherent
objective, there may be tendency to view the risk management
process as a series of individually isolated problems,
rather than as one single problem, and there are no
guidelines to provide for logical consistency in dealing
with the risk that the organization faces. Risk management
objectives:

Ambo University 28
Risk management and insurance

Serve as prime source of guidance for those charged

with responsibility for the program,
Increases efficiency and effectiveness of the
program, and
Serve as a means/bench mark to evaluate performance.
Risk management has several important objectives that can be
classified in to two categories: pre-loss objectives and post-
loss objectives.
Pre-loss objectives post-loss objectives
Economy -Survival
Reduction in anxiety -continuity of operations
Meeting external obligations -Earning stability
-continued growth
-social responsibility

2.3. The risk management process

Risk management is composed of four steps where one is

building up on the other. These steps are presented as
follows:

1. Risk Identification(identifying potential losses)

2. Risk measurement(evaluate potential losses)
3. Selection of possible risk handling tools
4. Implementation ,administering ,review and evaluation of
the program

Let’s discuss each step in greater detail.

2.3.1. Risk Identification

It is the process of identifying potential loss
confronting the firm.
It is a fundamental / basic duty that must precede all
other functions of risk management.

Ambo University 29
Risk management and insurance

It is the first step in the risk management process. Here,

the risk manager tries to locate the areas where losses
could happen due to a wide range of perils. It would be
very difficult to deal with the risks faced by a firm
unless they are properly identified.
Risk identification is a very difficult process; because
the risk manager has to look in to all operations of the
company so as to identify where exactly risks emanate
from. In addition, risk identification is continuous job
since risk environment is dynamic. Both obvious and hidden
risks need to be identified. Compared to obvious risk,
hidden risks poses a more serious threat to organization
for it is less prepared for them. Therefore, it becomes
necessary for organization to have proper system that
identifies all kinds of risk on continuous basis. The risk
manager has to reorganize exposures to loss and must aware
of the possibility of each type of loss to them.
Note:
 Poor identification leads to unplanned retention.
Unplanned retention cannot be the right decision
unless it becomes right by chance.
 All the subsequent steps in risk management build
upon it and its effectiveness affects the success of
the whole risk management process.

To identify all the potential losses, the risk managers

undertake two activities. First, a check list of the losses
that could occur to any business; and second, systematically
approaching and discovering which of the potential losses
included in the check list are faced by the organization. We
are going to study these two steps in detail.
Here we go! First thing first!

A. Checklist of potential losses

Checklist of potential losses is a list of all possible
asset of organization together with their respective loss
exposures. Loss exposure checklist provides a listing of

Ambo University 30
Risk management and insurance

common risk exposures of the firm. It is the simplest and

effective tool for risk identification. In fact, it is one
of the most common tools used for identifying and analyzing
risk.
The loss exposure checklists are available from various
sources; insurers, agencies, and risk management
associations. The list contains possible losses to the
organization from destruction to physical and intangible
assets. Sources of loss to the organization according to
whether the loss is predictable or unpredictable,
controllable or uncontrollable, direct or indirect, and from
different types of legal liabilities. Once the list is
obtained, the risk manager can ask questions like “is this
potential loss and sources of loss to our organization?”
Uses of such lists reduce the likelihood of overlooking
important loss and its sources. An example of asset exposure
analysis that shows checklist of possible assets and
possible exposure to loss is presented in appendix-1

B.Systematic approaches
In order to identify the potential loss, the risk manager
should have sources. Some of the systematic approaches /
tools used by risk managers to the problem of risk
identification are:
i. Insurance policy checklists
ii.Risk analysis questionnaires
iii. Flow process charts
iv.Analysis of financial statements and
v. Inspections of the organization’s operations or
On-sight inspection.
vi.Analysis of the environment
vii. Contract analysis
viii. Statistical record of losses
ix.Interaction with other department

Ambo University 31
Risk management and insurance

i. Insurance Policy Checklists

The checklists are available from insurance companies and
from publishers specializing in insurance related
publications. Here, the risk manager initially collects a
specimen of insurance policy forms from various insurers.
He, then, proceeds to prepare a checklist of various types
of pure risk that can be dealt with insurance. Through close
examination of the policy forms, the risk manager can
identify the non-insurable risks and accordingly will
consider other risk handling tools. Typically, such lists
include a catalogue of the various policies or types of
insurance that a given business might need.

The principal defect/limitation of this approach is that

concentrates on insurable risks only, ignoring the
uninsurable pure risks.

ii. Risk Analysis Questionnaires

It also called as “fact finders” because it leads the risk
manager to the discovery of risks through series of detailed
and penetrating questions.
In most instances, these questionnaires are designed to
identify both insurable and uninsurable types of risks.
This questionnaire directs the risk manager to secure the
operation and the properties of that organization.

iii. Flow Process Charts

Flow process charts show all the operations of the firm
starting with raw materials, electricity / power and other
inputs at suppliers’ location and ending with finished
products in the hands of customers is constructed.

Secondly, the checklist of potential property, liability and

personnel losses is applied to each property and operations
showing the flow charts to determine which loss the

Ambo University 32
Risk management and insurance

organization faces.i.e., - Draw flow charts starting from

raw materials and ending to finished products in the hands
of customers.
- Identify the potential loss

Supplies delivered from Receiving Manufacturing

warehouse – 1 in firm’s room Storage process
truck

Delivery in own truck

Retailer To warehouse -2

Packaging

Retailer Delivery by a common

Carriers to warehouse - 3

Flow Chart – Manufacturing Plant

The most positive benefit of using flow charts is that they
force the risk manager to become familiar with the technical
aspects / matters of the organization’s operation.
Example: how the goods move from one place to another, etc.
iv. Analysis of Financial Statements
Analysis of the organizations financial statements can also
aid in the process of risk identification. i.e.
- The asset listing in the balance sheet and
- The income and expense classification in the income
statement.
v. On – sight inspection / Inspection/
-It is a must for the risk manager.
-The risk manager will have firsthand information through
direct inspection
“One picture is worth of a thousand words. “Seeing is
believing”
Vi. Analysis of the environment

Ambo University 33
Risk management and insurance

A careful analysis of the environment (internal and

external) can help in identifying the exposures to
particular firms. Four components of the relevant
environments that are identified in literature are
customers, suppliers, competitors and regulators. In
analyzing each component, important considerations are the
nature, relationship, their heterogeneity and their
stability. For example, is the product distributed directly
to one group of buyers or indirectly through whole sellers
and retailers? Does the firm have single or multiple
suppliers? What special obligations are imposed by outsiders
such as Government, customers, and unions?
VII. Contract analysis
Many of the organizations exposure to risk arises from the
contractual relationship with other person and organization.
Thus, examination of contracts of the organization may
reveal areas of exposures that are not evident from the
organizations operations and activities.
VIII. Statistical record of losses
An approach that probably suggests fewer exposures than the
other but which may identify some exposures not otherwise
discovered is to consult statistical records of losses or
near losses that may be repeated in near future.
IX. Interaction with other department
This is another way to identify losses facing a business via
systematic and continuous interaction with other departments
in the business. For instance, extended visit with managers
and employees of other department help the risk manager
obtain complete understanding of activities and potential
losses created by these activities.
Dear student! Which of the above approach you think is the
best to identify the possible losses and sources of loss to

Ambo University 34
Risk management and insurance

the organization? No one best approach is there. Before

finalizing these section three pints should be noted.
Risk manager should not rely on one approach only. Each
approach has its own merit and limitations. For example,
timely information from other department may reveal an
exposure the financial statement analysis method may
miss.
Risk identification is continuous process since risk
environment is dynamic.
Applying the check list of potential losses to firm’s
exposures may suggest some gaps in the checklist in
itself that should be corrected.

2.3.2. Risk Measurement

Once the risks have been identified, the risk manager must
evaluate them. That is, measuring the potential size of the
loss and the probability that it is likely to occur.

Risk measurement is required by the risk manager for two

purposes:
i.To determine their relative importance and
ii. To obtain information that will help him/her decide
upon the most desirable combination of risk management tools
or methods.

In order to arrive these two points, what dimensions to be

measured? Two most important dimensions to be measured are
i. The loss frequency:- the probability of occurrence of
losses and
ii. The severity of the losses:-the magnitude of loss and
severity of losses.
For each of the aforementioned two dimensions, it would be
desirable to know at least the value in an average budget
period and the variation in the values from one budget
period to the next.

Ambo University 35
Risk management and insurance

As we have stated earlier, among the purpose of measuring

loss is the determination of their relative importance. What
kind of loss is most important? Actually, both dimensions of
risk (frequency and severity of loss) data are needed to
rank the risk based on their relative importance. In
addition, there is no formula for ordering the losses in
order of importance but, the wise approach however is, to
place more emphasis on loss severity. Therefore, the
importance of risk depends mostly up on the potential loss
severity than the potential frequency. A potential loss with
catastrophic possibilities, although infrequent, is far more
serious than one expected to produce frequently small losses
and no large losses. On the other hand, loss frequency
cannot be ignored. If two exposures are characterized by the
same loss severity, the loss whose frequency is greater
should be ranked higher.
A particular type of loss may also be divided in to two or
more kinds of losses depending up on whether the loss
exceeds a specified birr amount. For example, an automobile
collusion loss may be divided in to two kinds of losses: 1)
collusion losses of Birr.1, 000 (or some other figure) or
less and 2) losses over Br.1, 000. Losses in the second
category are the more important, although they are less
frequent.

In determining loss severity, the manager must be careful to

include all the types of losses that might occur as a result
of a given event as well as their ultimate financial impact
up on the firm. Often while the less important types of
losses are obvious to the risk manager, the more important
types are much more difficult to identify. The potential
direct property losses are rather generally appreciated in

Ambo University 36
Risk management and insurance

advance of any loss, but the potential indirect losses (net

income, interruptions of business) that results from the
same event are commonly ignores until the loss occurs. The
same event may also cause liability and personnel losses.
This recognition of losses associated with a given event has
been termed as the loss unit concept. The loss unit concept
is the sum of all financial losses that could result from a
single event.

Loss severity may also depend up on the number of units

involved in the loss. For example, if the firm has three
adjacent warehouses, one fire may cause considerable damage
at all the three ware house which is sever compared to loss
on each of them.
Finally in estimating loss severity, it is important to
recognize the timing of any loss as well as their total Birr
amount. For instance, a loss of Br.10, 000 a year for 10
years is not as severe as an immediate loss of Br.100, 000
because of:
 The time value of money, which can be recognized by
discounting future Birr losses at some assumed interest
rate, and
 The ability of the firm to spread each outlay over long
periods.

2.3.2.1 Loss-severity measures

One of the systems used to measure the severity of risk is
the prouty measure of severity. It was suggested by Richard
Prouty, a risk manager. The two measures suggested by Prouty
to measure loss severity are:
The maximum possible loss to one unit per occurrence
and,

Ambo University 37
Risk management and insurance

The maximum probable loss to one unit per occurrence.

The maximum possible loss is the worst loss that could
possibly happen to the firm. The maximum probable loss is
the worst loss that is likely to happen. The maximum
probable loss therefore is usually less than the maximum
possible loss.
A worst loss could occur but the chance of occurrence is
less than some percentage selected by risk manager such as
2.5%(once every 40 years). Because different risk managers
may select different percentages, they may disagree on the
value of the maximum probable loss even though they arrive
at the same estimate of a probability distribution. Of these
two measures, the maximum probable loss is the most
difficult to estimate but also the most useful.

2.3.2.2. Priority ranking based on severity

As mentioned earlier, the process of risk evaluation ranks
as per the severity/importance of losses. The more severe
the losses due to a risk, the higher the rank. As the
relative severity of loss differs, not all losses warrant
equal attention. Some are to be given priority over other.
Under such circumstance, classification of risk in to three
as hereunder seems appropriate.
1. Critical risk-includes those exposures to loss where the
magnitude of losses could lead to bankruptcy
2. Important risk-includes those exposures in which the
possible losses would not lead to bankruptcy, but
require the individual or firm to borrow in order to
continue operations.
3. Unimportant risks-includes those exposures in which the
possible losses could be met out of the existing assets

Ambo University 38
Risk management and insurance

or current income without imposing undue financial

strain.
To assign individual exposures to one of these three
categories, one must determine the amount of financial
loss that might results from a given exposure and also
the ability of the firm to absorb such losses.

2.3.3. Selecting the appropriate technique for

treating loss exposures:

The third step in risk management process is to select the

most appropriate technique, or combination of techniques for
treating loss exposures. Let’s first deal with the
techniques first and we will see which technique/s are
appropriate under a given situation.
The major techniques for treating loss exposures are the
broadly classified in to two: Risk control techniques and
Risk financing techniques.
Risk control techniques: -attempt to reduce the frequency
and severity of accidental loss to the firm. Risk control technique
includes:
 Avoidance
 Loss control
 Separation/diversification
 Combination
Risk financing techniques: -provide for the funding of
accidental losses after they occur. Risk financing techniques
includes:
 Retention/assumption
 Self insurance
 Non-insurance transfers
 Insurances
Dear learners! Let’s discuss each of the techniques under the risk controlling and
financing techniques in detail.

Ambo University 39
Risk management and insurance

2.3.3.1. Risk control techniques:

A. Avoidance

Risk avoidance:

 Includes not performing an activity that could carry

risk.
 Avoidance may seem the answer to all risks, but
avoiding risks also means losing out on the potential
gain that accepting (retaining) the risk may have
allowed. Not entering a business to avoid the risk of
loss also avoids the possibility of earning profits.

Two approaches of risk avoidance:

i. Abandonment of previously assumed activities
ii. Refusing to assume an activity

Avoidance is a useful and common approach to the handling of

risk. However, it has the following off-putting
characteristics. These are:
 Most business would not be able to operate unless they
either owned or rent a fleet of cars.
 The potential benefits to be gained from employing certain
persons, owning a piece of property, or engaging in some
activity may so far outweigh the potential losses and the
risks involved that the decision maker gives little
consideration to avoiding the associated risks.
 Avoiding risk may create another risk. For instance, a
firm may avoid the risks associated with air shipments by
substituting train and truck shipments. In the process
however, it has created some new risks.
 It may not be possible to avoid all losses.
Example: -

Ambo University 40
Risk management and insurance

 A company cannot avoid the premature death of a key

executive.
 A business has to own vehicles, building,
machinery, inventory; etc without them operations may
not be impossible.
 It may not be practical or feasible to avoid the
exposure.
Example: A paint factory can avoid losses arising from the
production of paint. However, without any paint production,
the firm will not be in business.
Note:
 Risk avoidance discontinues the source of risk; and
hence is different from loss /risk transfer from one
person, and/or organization to other.
 Avoidance is different from loss-control measures,
which is conducting operation in the safest possible
manner.

B. Loss control:
 Attack the risk by lowering the chance that loss will
occur or by reducing its severity if it does occur
while permitting the firm, individual or the society to
commence the activity creating the risk.
 Unlike the avoidance technique, loss control deals with
an exposure that the firm does not wish to abandon.
 Its purpose is to change the characteristics of the
exposures that it is more acceptable to the firm.

Loss control includes Loss prevention and reduction methods:

Prevention program is defined as a measure taken before the
misfortune occurs.

Ambo University 41
Risk management and insurance

Generally speaking, loss prevention programs intend to

reduce the chance of occurrence.
Example:
- Constricting a building with a fire resistance
material / fireproofing.
- Constructing a building in a place where there is little
danger.
- Regularly inspecting the machine/area
- The existence of automatic loss detection programs.
 Fire alarms
 Warning posters /No Smoking!! And DANGER ZONE!! /…

Loss reduction program:

 Seek to reduce the potential severity of the loss.
 Can be classified as minimization or salvage programs
Minimization program take effect in advance of the loss or
while it is occurring. e.g. automatic sprinkler-minimize the
fire loss by spraying water up on a fire soon after it
starts in order to confine damage to limited area.

Salvage program become effective after the loss is over.

E.g. restoration of damaged property to the highest possible
degree of usefulness.
Examples of loss reduction programs:
 Automatic sprinkler
 An immediate first aid
 Medical care and rehabilitation service
 Guards
 Fire extinguisher
 Fire alarms

Ambo University 42
Risk management and insurance

- Loss may be prevented or reduced in any of the following

ways:
I. Working with company’s Engineers

- This approach of reducing loss/risk emphasizes on/by

focusing on the mechanical causes of accidents such as:
defective wiring, improper disposal of waste products,
poorly designed high ways…
II. Training of Personnel

- In addition to the process of regulating and elimination of

the mechanical failures the machine or equipment need to be
operated by qualified personnel to eliminate or reduce the
loss of due to human failures.
- Workers should be acquainted with the machines they are to
operate through an adequate training to reduce losses.
C. Separation /Diversification
- Separation of the firm’s exposures to loss instead of
concentrating them at one location where they might all is
involved in the same loss.
- Separation==>Dispersion/Scattering the exposure in different
places.
The principle is “Don’t put all your eggs in one basket”
Example: Instead of placing its entire inventory in one
warehouse, the firm may elect to separate this exposure
by placing equal parts of the inventory in ten widely
separated warehouses.

- It is considered as a loss reduction measure.

- This separation of exposures reduces the maximum probable
loss to one event. The probability of some loss actually
increases. Because, the probability that at least one of
several unit will suffer a loss is greater than the

Ambo University 43
Risk management and insurance

probability that any particular unit will suffer a loss.

Emphasis is placed here, however, on the fact that through
this separation the firm increases the number of independent
exposures units under its control.
D. Combination
- It is a pooling or combination process.
- Risks are pooled when the number of independent exposure
units under observation is increased.
- Unlike separation, which spreads a specified number of
exposure units, combination increases the No of exposure
units under the control of the firm.
- In the case of firms, combination results in the pooling of
resources of two or more firms. The new firm has more
building, more automobiles, and more employees than either
of the original companies. This leads to financial strength,
thereby minimizing the adverse effect of the potential loss.
- Combination of pure risks is not generally the major reason
why a firm expands its operations, but this combination may
be an important by- product or merger or growth.
- Insurers, on the other hand, combine pure risks
purposefully; they insure a large No of persons in order to
improve their ability to predict their losses.

2.3.3.2. Risk financing techniques:

A.Retention/Assumptions
-It is the most common method of handling risk by the
individual or the firm itself.
-When the individual or the business does not take positive
action to avoid, reduce or transfer the risk, the
possibility of loss involved in that risk is retained.
-Bearing all the risk by that person/organization.

Ambo University 44
Risk management and insurance

Retention can be: active or passive retention.

 Planned/Conscious/ Active risk retention

- It characterized by the recognition that the risk exists,
and a tacit agreement to assume the losses involved.
- The decision to retain a risk actively is made because there
are no alternatives or is not more attractive.
Prerequisites of Active Retention:
Active/planned retention should be considered only when at
least one of the following conditions exists:
a. It is impossible to transfer the risk to someone else or
to prevent the loss from occurring
b. When the maximum possible loss is so small-thus, the firm
can safely absorb it as a current operating expense or out
of small reserve funds.
c. When the chance of loss is so extremely low
d. When losses are highly predictable

 Unplanned/Unconscious/ Passive Retention

- Passive risk retention takes place when the individual
exposed to the risk does not recognize its existence and
consequently does not attempt to handle it.
- In these cases, the person so exposed retains the financial
consequence of the possible loss without realizing that he
does so.
- 0ccurs when the risk is not properly identified, and when
the risk manger properly identifies the exposures but has
underestimated the magnitude of the potential losses.
B.Self-insurance
- Self-insurance is a special case of active retention

Ambo University 45
Risk management and insurance

- Sometimes called self funding-which express more clearly the

idea that losses are funded and paid by the firm. i.e. a
firm may keep some money to retain the risk.
- Widely used in workers compensation insurance. For instance,
to provide group health, dental, vision, and prescriptions
drug benefits to employees.
Note that:
 Self-insurance is not insurance, because there is no
transfer of the risk to an outsider
 Self-insurance plans differ from other insurance operation
in that the pooling of exposures and funding of losses
takes place within one business entity.
C. Transfers
- It is also called as shifting method.
- When a business organization cannot afford to cover the loss
by itself, it may look for/transfer to other institutions.
- Transfer or risk may be accomplished in two ways.
a. Transfer of the activity or the property.
- The property or activity responsible for the risks may be
transferred to some other person or group of persons.
Example:
- A firm that sells one of its buildings transfers the risks
associated with ownership of the building to the new owner.
- Hiring a subcontract for the portion of the project.
b. Transfer of the probable loss
- I.e. the risk, but not the property or activity, may be
transferred.
Example: Under a rent, the occupant may be able to shift to
the owner any responsibility the occupant may have for
damage to the owner’s building.

Ambo University 46
Risk management and insurance

Transfers of risk may be grouped in two classifications.

a. Transfer to parties other than insurance company (non-

insurance transfer)
b. Transfer to an insurance company/Insurer

o Non-insurance transfers:
Is a method other than insurance by which a pure risk and
its potential financial consequences are transferred to
another party. Neutralization or hedging and hold-harmless
agreements are example of non-insurance transfer of risk.

Neutralization or hedging: -is the process of balancing a

chance of loss against a possible loss.
Example, a person who has bet that Manchester united team
will win Arsenal in the premier league cup final may
neutralize the risk involved by also placing a bet on the
opposing team-Arsenal in this case.

Hold –harmless agreements: -are contracts entered in to

prior to loss, in which one party agrees to assume a second
part’s responsibility should a loss occur.
Example, a contractor may require sub contractors to provide
the contractor with liability protection if he/she is sued
because of subcontractors’ activity.

o Transfer to Insurance Company/insurance

Insurance is contractual transfer of risk; and is
appropriate for loss exposures that have a low probability
of loss but the severity of loss are high (will be discussed
in chapter –4).

Ambo University 47
Risk management and insurance

2.3.3.3. SELECTION OF RISK MANAGEMENT TOOLS

This section will discuss a few of the more important
considerations that enter into the selection of the
technique to be used in handling a particular risk.

 Rules of Risk Management

These guidelines for risk management decision-making are
quite simple common-sense principles applied to the pure
risk situation. Mehr and Hedges propose the following three
basic rules of risk management:
i. Don’t risk more than you can afford to lose
ii. Consider the odds
iii. Don’t risk a lot for a little
If the risk managers can determine the probability that a
loss may take place, he is in a better position to deal with
the risk than would be the case without such information;
but is impossible to attach undue significance to such
probabilities. The probability of a loss occurring is less
important to the risk manager than the financial
consequences if it does happen. Even if the risk manager
knows that the probability of loss from a given exposure is
remote, the decision must still be based on its possible
severity. If the risk carries a possible catastrophic loss,
the fact that the probability is small is of little
significance.

In determining the appropriate method or methods for

handling losses, a matrix can be used that classifies loss
exposures according to frequency and severity. The following
matrix can determine which risk management be used.

Loss Loss Appropriate risk

Ambo University 48
Risk management and insurance

Frequency Severity Management

technique
Low Low Retention
High Low Retention &
Reduction
High Insurance

Low

High High Avoidance

2.4. Implementation, administering, review and

evaluation of the program

Implementation and administering

After deciding on the combination of methods to be used for

each risk; each risk management decision should be recorded
and approved by the appropriate level of management. For
example, a risk concerning the image of the organization
should have top management decision behind it whereas IT
management would have the authority to decide on computer
virus risks.

The risk management plan should propose applicable and

effective security controls for managing the risks. For
example, an observed high risk of computer viruses could be
mitigated by acquiring and implementing antivirus software.
A good risk management plan should contain a schedule for
control implementation and responsible persons for those
actions. Follow all of the planned methods for mitigating
the effect of the risks. Purchase insurance policies for the
risks that have been decided to be transferred to an
insurer, avoid all risks that can be avoided without

Ambo University 49
Risk management and insurance

sacrificing the entity's goals, reduce others, and retain

the rest.

REVIEW AND EVALUATION OF THE PLAN

Initial risk management plans will never be perfect.

Practice, experience, and actual loss results will
necessitate changes in the plan and contribute information
to allow possible different decisions to be made in dealing
with the risks being faced.

Risk analysis results and management plans should be updated

periodically. There are two primary reasons. These are:

1. to evaluate whether the previously selected security

controls are still applicable and effective, and
2. to evaluate the possible risk level changes in the
business environment. For example, information risks
are a good example of rapidly changing business
environment.

Activity 2.2.

1. Explain the objective of risk management both before

loss and after losses.

-------------------------------------------------------
----------------------------------------------------

2. The four stages in risk management

-------------------------------------------------------
-----------------------------------------------------

Ambo University 50
Risk management and insurance

3. What are the various approaches that may be used by

risk manager in the identification of loss exposures?

-------------------------------------------------------
-------------------------------------------------------

4. Is self insurance the same as insurance?

------------------------------------------------------------
------------------------------------------------

5. List some example of loss control and non-insurance

transfer.----------------------------------------------
-----------------------------------------------------

Ambo University 51
Risk management and insurance

Chapter summary

Dear learners!

In this chapter we have discussed the concept of risk

management. Risk management is scientific approach to deal
with pure risk. It involves anticipation of possible
accidental losses designing and implementation of procedures
that:
 Minimize the occurrence of loss
 Minimize financial impact of loss if they do occur.

As a general rule, the risk manager is concerned only with

the management of pure risk (insurable and non insurable)
not speculative risk. Therefore, risk management is the
identification and measurement and treatment of property,
liability and personal pure risk exposures.
The first step in risk management process is the
determination of the objectives of risk management program.
i.e precisely deciding what the organization expects its
risk management program to do. Risk management objectives
serve as prime source of guidance for those charged with
responsibility for the program, increases efficiency and
effectiveness of the program, and serve as a means/bench
mark to evaluate performance. The several objective of risk
management are classified in to two categories: pre-loss
objectives and post-loss objectives.

To attain the aforementioned objective there are steps in

risk management process. These are summarized as follows:

Ambo University 52
Risk management and insurance

Identifying potential losses

Evaluating potential losses

Selecting the appropriate techniques for handling losses

Risk control techniques:
 Avoidance
 Loss control
 Separation
 Combination
Risk financing techniques:
 Retention/assumption
 Self insurance
 Non insurance transfer
 insurance

Implementing and administering the programme

Self assessment Test

Dear student have you gone through the above texts, and then
let you single out and circle the best letter of your
choice.
1. Following good health habits can be categorized as
A. Loss prevention
B. Loss reduction
C. Non-insurance transfer

Ambo University 53
Risk management and insurance

D. Risk retention
E. “A” and “B”
2. At the risk identification phase, the risk manager is expected to:
A. Measure the severity and frequency of loss
B. Control the loss of the firm
C. Select and implement risk handling tools
D. All
E. None
3. Planned retention of risk is appropriate when;
A. The risk is expected to happen in near future
B. Managers are risk averter
C. Opportunity cost of the fund to be paid as a premium is low
D. The expected loss is less than the premium to be paid
E. All
4. The use of fire-resistive materials when constructing a building is an example of
A. Risk transfer
B. Risk avoidance
C. Risk retention
D. Self-insurance
E. None
5. The identification of risks should start with:
A. Description of the internal and external risks

B. A brainstorming session with risk management experts

C. A good understanding of the program and a brainstorming session with key

stakeholders

D. Definitions of likelihood and impact

E. All are true

Answers key: self test question

1.E 3.C 5.C

2.E 4.E

Ambo University 54