MODULE NO -1

INTRODUCTION TO RISK MANAGEMENT

Introduction

Risk is the potential of loss (an undesirable outcome, however not necessarily so) resulting
from a given action, activity and/or inaction. The notion implies that a choice having an
influence on the outcome sometimes exists. Potential losses themselves may also be called
“risks”.

Definition of Risk

According to haynes, mote and paul, “risk refers to relatively objective probabilities which can
be computed on the basis of past experience or some prior principle”.

According to g.c. philippatos, “the decision situation is said to be characterized risk only if the
decision-maker knows the probabilities to the possible outcomes”.

Meaning of Risk and Uncertainty

Risk

Basically, risk is uncertainty or lack of predictability. In this instance, it refers to the uncertainty
as to loss that a person or a property covered by insurance faces. Insurance companies
frequently refers to the insured person or property as the risk.

Uncertainty

The term uncertainty is often used in connection with the term risk (sometimes even
interchangeably), it seems appropriate to explain the relationship between the terms risk and
uncertainty.

Uncertainty refers to a state of mind characterized by doubt, based on a lack of knowledge

about what will or will not happen in the future.

Types of Risk

The different types of risk are as follows

I. Classification based on consequence of the risk event

 1. Speculative risks: speculative risks are those, which may give loss or profit.
For example, if investor purchase 100 shares of common stock, he/she would
profit if the price of the stock increases but would lose if the price declines.
Other examples of speculative risks include betting on a horse race, investing in
real estate, and going into business for yourself. In these situations, both profit
and loss are possible.

2. Pure risk: pure risks are associated with uncertainties which may cause loss. In
a pure risk situation, either a loss occurs or no loss occurs- there is no possibility
for gain. These uncertainties may be due to perils such as fire, floods, etc., or
may arise from human action such as theft, accident, etc.

Difference between Speculative and Pure Risks

Basis of difference Speculative risks Pure risks

Meaning Speculative risks are those, Pure risks are associated with
which may give loss or profit. For uncertainties which may cause
example, if you investor loss. In a pure risk situation, either
purchase 100 shares of common a loss occurs or no loss occurs-
stock, you he/she would profit if there is no possibility for gain.
the price of the stock increases These uncertainties may be due to
but would lose if the price perils such as fire, floods, etc., or
declines. may arise from human action such
as theft, accident, etc.
Insurability With certain exception, private Private insures typically insure
insurers generally do not insure only pure risks.
speculative risks, so other
techniques for dealing with
speculative risk must be used.
Law of large The law of large numbers is The law of large numbers can be
numbers difficult to applied to speculative applied more easily to pure risks.
risks. It is generally more The law of large numbers is
difficult to apply the law of large important because it enables
 numbers to speculative risks to insurers to predict future loss
predict future loss experience. experience.
Effect to society Society may benefit from a Society may harmed if a pure risk
speculative risk even though a is present and a loss occurs.
loss occurs.

II. Classification based on nature of event:

1. Fundamental risks: a fundamental risk is one that affects the entire economy
or large numbers of persons or groups within the community. It involves losses
that are impersonal in origin and consequence.
For example, cyclical unemployment, war, earthquakes, and more recently
terrorism. Observe that these risks are caused by conditions that are beyond the
control of individuals. Fundamental risks can be addressed only through social
insurance and government programs. Insurance is not a viable solution.

2. Particular risks: a particular risk involves losses that arise out of individual
events and are felt only by particular individuals and not by the entire
community or group. Individuals rather than society bear the responsibility for
dealing with these losses.
For example, burning of a house or an automobile accident. Particular or
specific risks can be addressed through the use of private insurance, loss
prevention or some other risk management technique.

III. Classification based on nature of the environment

1. Static risks: static risks imply events taking place within a stable environment.
They have a regular pattern of occurrence over time and can be reasonably
predicted. They are consequently more amenable to treatment by insurance.
Typically, static risks belong to the realm called state of nature risks- they are
caused by natural events.
For example, fire, earthquake, death, accident and sickness.

2. Dynamic risks: dynamic risks, on the other hand, are typically present in the
social environment and are produced by changes in economy and society.
 Although they affect a large number of individuals, they are generally
considered less predictable than static risks, since they do not occur with any
precise degree of regularity.
For example, social and market related events like unemployment or war.

Burden of risk

The presence of risk results in certain undesirable social and economic effects. Risk entails
three major burdens on society:

1) Larger emergency fund

It is prudent to set aside funds for an emergency. However, in the absence of insurance,
individuals and business firms would have to increase the size of their emergency fund
to pay for unexpected losses.

2) Loss of certain goods and services

A second burden of risk is that society is deprived of certain goods and services. For
example, because of the risk of a liability lawsuit, many corporations have discontinued
manufacturing certain products.

3) Worry and fear

A final burden of risk is that worry and fear are present. Numerous examples can
illustrate the mental unrest and fear caused by risk.

Sources of risk

Sources of risk are divided into

 External sources of risk

 Internal sources of risk

External sources of risk

Forces belonging to the external environment affecting the particular business enterprise cause
external risks. Following are some factors which cause external risk:

1) Economic factors
 These are the most important causes of external risks. They result form the changes in
the prevailing market conditions, they may be in the form of changes in demand for the
product, price, fluctuations, changes in tastes and preferences of the consumers and
changes in income, output or trade cycle. The conditions like increased competition for
the product, inflationary tendency in the economy may also adversely affect the
business enterprise. Such risks which are caused by changes in the economy are known
as dynamic risks. These risks are generally less predictable because they do not appear
at regular intervals. For example, due to market fluctuations, a well known product of
a firm may either lose its demand or may occupy a larger market share.

2) Natural factors
These are the unforeseen natural calamities over which an entrepreneur has very little
or no control. They result from events like earthquake, flood, famine, cyclone,
lightening, tornado, etc. Such events may cause loss of life and property to the firm or
they may spoil its goods.
For example, gujarat earthquake caused irreparable damage not only to the business
enterprises but also adversely affected the whole economy of the state.

3) Political factors
These have an important influence on the functioning of a business, both in the long
and short-term. They result from political changes in a country like fall or change in the
government, communal violence or riots in the country, civil war as well as hostilities
with the neighbouring countries. Besides, changes in government policies and
regulations may also affect the profitability and position of a enterprise.
For example, changes in industrial policy and trade policy annual announcement of the
budget amendments to various legislation, etc may enhance or reduce the profits of a
business enterprise.

Internal sources of risk

Internal risks are caused by the internal events associated with the working of a business
enterprise. Following are some factors which cause internal risks:

1) Operational factors
 This is the risk of monetary losses resulting from inadequate or failed internal
processes, human error, and systems failure or from external events. For example,
 Systems and technology failure
 Inadequate document retention or record-keeping
 Lack of supervision, accountability, and control
 Data and modelling quality, such as appraisals
 Fraud (internal and third-party)
The consequences of mismanaged operational risk include domain name hijacking and
failure to renew a domain name. These failures are not due to external threats; they are
internal.

2) Human factors
These are an important cause of internal risks. They may result form strikes and lock-
outs by trade unions; negligence and dishonesty of an employees; accidents or deaths
in the industry incompetence of the manager other important people in the organization,
etc. Also, failure of suppliers to supply the materials or goods on time or default in
payment by debtors may adversely affect the business enterprise.

3) Technological factors
These are the unforeseen changes in the techniques of production or distribution. They
may result in technological obsolescence and other business risks.
For example, if there is some technological advancement which results in products of
higher quality, then a firm which is using the traditional technique of production might
face the risk of losing the market for its inferior quality product.

4) Physical factors
These are the factors which result in loss or damage to the property of the firm. They
include the failure of machinery and equipment used in business; fire or theft in the
industry; damages in transit of goods, etc. It also includes losses to the firm arising from
the compensation paid by the firm to the third parties on account of intentional or
unintentional damages caused to them.

Difference between external and internal source of risk

 Basis of difference External sources of risks Internal sources of risks
Meaning Forces belonging to the external Internal risks are caused by the
environment affecting the internal events associated with
particular business enterprise the working of a business
cause external risks. enterprise.
Controllable/ External risks cannot be Internal risks can be controlled,
Uncontrollable controlled or can be controlled to a great extent, through
with great difficulty by the efficient handling.
management.
Affects It affects the profit-earning It adversely affecting the
capacity of business. working of an enterprise and
likely to cause losses.
Factors Changes in the market Worker’s strike, breakdown of
conditions, distribution, machinery, carelessness or
production technology, and dishonesty of employees,
political environment; natural dishonesty in workers,
calamities, social unrest are management relationship are
some risks external to the examples of the internal risks.
business enterprise.

Methods of handling risk

Risk is the possibility of a loss, people, organizations, and society; usually try to avoid risk, or,
if not avoidable, then to manage it somehow. There are five major methods/tools of handling
risk as follows:

Risk avoidance:

It is the elimination of risk. Investor can avoid the risk of a loss in the stock market by not
buying or shorting stocks. Many manufacturers avoid legal risk by not manufacturing particular
products. Of course, not all risks can be avoided. Notable in this category is the risk of death.
But even where it can be avoided, it is often not desirable. By avoiding risk, investor may be
avoiding many pleasures of life, or the potential profits that result from taking risks. Virtually,
any activity involves some risk. Where avoidance is not possible or desirable, loss control is
the next best thing.
Loss control:

It works by either loss prevention, which involves reducing the probability or risk, or loss
reduction, which minimizes the loss. Loss prevention requires identifying the factors that
increases the likelihood of a loss, then either eliminating the factor or minimizing its effect.

most businesses actively control losses because it is a cost-effective way to prevent losses
from accidents, and damage to property; and generally becomes more effective, the longer the
business has been operating.

Risk retention:

It is also known as “active retention” and “risk assumption”, is handling the unavoidable or
unavoided risk internally, either because insurance cannot be purchased for the risk, because it
costs too much, or because it is much more cost-effective. Usually, retained risks occur with
greater frequency, but have a low severity.

Risk retention is retaining risk because the risk is unknown or because the risk taker either does
not know the risk or considers it a lesser risk than it actually is. For example, smoking cigarettes
can be considered a form of passive risk retention, since many people smoke without knowing
the many risks of disease and of the risks they do know, they do not think it will happen to
them.

Non-insurance transfers:

Risk can also be manages by non-insurance transfers of risks. The three major forms of non-
insurance risk transfer are as follows:

i. Contract
A common way to transfer risk by contract is by purchasing the warranty extension that
many retailers sell for the items that they sell. The warranty itself transfers the risk of
manufacturing defects from the buyer to the manufacturer. Transfers of risk through
contract is often accomplished or prevented by a hold-harmless clause, which may limit
liability for the party to which the clause applies.
ii. Hedging
It is a method of reducing portfolio risk or some business risks involving future
transactions. Thus, the possible decline of a stock price can be hedged by buying a put
for the stock.
 iii. For business risks by incorporating
Investors can reduce their liability risk in a business by forming a corporation or a
limited liability company. This prevents the extension of the company’s liabilities to its
investors.

Insurance

It is another major method that most people, businesses and other organizations can use to
transfer pure risks by paying of a possible large loss. By using the “law of large numbers”, an
insurance company can estimate fairly reliably the amount of loss for a given number of
customers within a specific time. An insurance company can pay for losses because it pools
and invests the premiums of many subscribes to pay the few who will have significant losses.
Not every pure risk is insurable by private insurance companies. Events which are
unpredictable and that could cause extensive damage, such as earthquakes, are not insured by
private insurers.

Degree of risk

The amount of objectives risk present in a situation, sometimes referred to as the degree of risk,
is the relative variation of actual from expected losses. More precisely, the degree of risk in the
range of variability around the expected losses, which are calculated using the chance of loss
concept by means of the following formula:

probable variation of actual expected losses

Objective risk _________________________________________
expected losses

Risk management

Meaning and definition of risk management

Risk management is the acceptance of responsibility for recognizing, identification and

controlling exposures to loss or injury which are created by the activities of the university by
contrast, insurance management involves responsibility for only those risks which are actually
insured against.
According to jorian, “risk management is the process by which various risk exposures are
identified, measured and controlled. Our understanding of risk has been much improved by the
development of derivatives markets”.

Accordingly, the term ‘risk management’ refers to the systematic application of principles,
approach and processes to the tasks of identifying and assessing risks, and then planning and
implementing risk responses. This provides a disciplined environment for proactive decision-
making.

Risk management process

Risk management consists of all efforts to preserve the assets and earning power of a business.
The process of risk management consists of several steps which are as follows:

1. Identification loss exposures.

2. Analysis loss exposures
3. Select the appropriate risk management technique
4. Implement and monitor the risk management program

1. Identification loss exposures

The process of managing risk is to identify potential risks. Risks are about events that,
when triggered, cause problems. Hence, risk identification can start with the source of
problems, or with the problem itself.
a. Source analysis: risk sources may be internal or external to the system that is the
target of risk management. For example, stakeholders of a project, employees of a
company, and the weather over an airport.
b. Problem analysis: risks are related to identify threats. For examples, the threat of
losing money, the threat of abuse of privacy information or the threat of accidents
and casualties. The threats may exist with various entities, most important with
shareholders, customers and legislative bodies such as the government.

When either source or problem is known, the events that a source may trigger or the
events that can lead to a problem can be investigated. The chosen method of identifying
risks may depend on culture, industry practice and compliance. The identification
methods are formed by templates or the development of templates for identifying
source, problem or event. Common risk identification methods are:
 a. Objective based risk identification: organizations and projects teams have
objectives. Any event that may endanger achieving an objective partly or
completely is identified as risk.
b. Scenario-based risk identification: in scenario analysis different scenario are
created. The scenarios may be the alternative ways to achieve an objective, or an
analysis of the interaction of forces in, e.g., a market or battle.
c. Taxonomy-based risk identification: the taxonomy in taxonomy-based risk
identification is a breakdown of possible risk sources. Based on the taxonomy and
knowledge of best practices, a questionnaire is compiled.
d. Common risk checking: in several industries, lists with known risks are available.
Each risk in the list can be checked for application to a particular situation.
e. Risk charting: this method combines the above approaches by listing resources,
modifying factors which may increase or decrease the risk and consequences which
are to be avoided.

2. Analysing loss exposures

Once the risks have been identified, they must then be assessed as to their potential
severity of loss and to the probability of occurrence. These quantities can be either
simple to measure, in the case of the value of a lost building, or impossible to know for
sure in the case of the probability of an unlikely event occurring.

Therefore, in the assessment process it is critical to make the best educated guesses
possible in order to properly prioritize the implementation of the risk management plan.

The fundamental difficulty in risk assessment is determining the rate of occurrence

since statistical information is not available on all kinds of past incidents. Furthermore,
evaluating the severity of the consequences is often quite difficult for immaterial assets.
Asset valuation is another question that needs to be addressed.

Thus, best educated opinions and available statistical are the primary sources of
information. Numerous different risk formulae exist, but perhaps the most widely
accepted formula for risk quantification is:

Rate of occurrence*impact of the event=risk

 3. Select the appropriate risk management technique
Once risks have been identified and assessed, all techniques to manage the risk fall into
one or more of these four major categories:
1) Avoidance of risk
2) Reduction of risk
3) Retention of risk
4) Transfer of risk

4. Implement and monitor the risk management program

Implementation of all the planned methods are followed for mitigating the effect of the
risks. Purchase insurance policies for the risks that have been decided to be transferred
to be an insurer, avoid all risks that can be avoided without sacrificing the entity’s goals,
reduce others, and retain the rest.

A risk management policy statement is documentation of the risks involved in

performing a specific action. Because any activity can have some risk involved,
companies create a risk management policy statement as a way of defining those risks.
It also informs the person performing that activity of the associated risks. Risk
management policy statements can be for actions ranging from physical activity, such
as risks involved in a manufacturing environment, to financial risks, such as
participating i a risky investment venture. Risk management statements can make for a
safer work environment by alerting employees to the risks associated with specific jobs
and what needs to be done to minimize those risks. The process gives a small business
the opportunity to identify these risks and to take steps to reduce them.

Objectives of risk management

1. Ensure the management of risk is consistent with and supports the achievement of the
strategy and corporate objectives.
2. Provide a high quality service to customers.
3. Initiate action to prevent or reduce the adverse effects of risk.
4. Minimize the human cost of risk, where responsibly practicable.
 5. Meet statutory and legal obligations.
6. Minimize the financial and other negative consequences of losses and claims.
7. Minimizing the risk associated with new developments and activities.
8. Be able to inform decisions and make choices on possible outcomes.

Risk management by individuals and corporations

The process of risk management can differ based on both the risk(s) being managed and the
agent managing them. First and foremost, risk management is a problem faced by individuals.
Although organizations, like companies, are just collections, organizations face a set of risks
all their own.

In general terms risk management is the process by which an individual tries to ensure that the
risk to which he is exposed are those risks to which he “thinks he is” and “is willing to be”
exposed in order to lead the life he wants. This is not necessarily synonymous with risk
reduction. As some risk can be simply tolerated, whereas others may be calculatedly reduced.
In still other instance, some individuals may conclude that their risk profile is ‘not risky’
enough a man who is extremely late to an important meeting and about to watch his bus pull
away from the curb may not only willingly fail to look both ways at a cross walk, but he might-
quit rationally-conclude that the risk of being late is so much higher than the risk of being hit
by a car that bounding across the intersections when the light is green seems like the right
judgment call.

Risk management by individuals

People can by insurance in preparation for a number of horrible circumstances. They can ensure
against death, disability, health problems and medical emergencies, property loss and legal
trouble. They can also partially ensure things such as educational outlays and retirement
income. Of course, there are also catastrophic risks such as war, natural disasters and the
government confiscation of property that cannot be ensure against-things that would hurt
almost every asset class if they came to pass.

Individuals choose to purchase insurance if the insurer has a comparative advantage in bearing
the risks, such as the ability to pool risks and to access capital markets. Consequently,
individuals transfer risk to insurance companies to reduce their personal risks while playing a
risk premium to the insurer.
There are much benefits on the purchase of insurance by individuals, insurance allows
individuals to transfer risks to insurance companies, thus reducing uncertainty about their net
worth and standard of living. In return for accepting the risk of losses, the insurance company
charges a premium. The expected cost of the insurance, known as the “premium loading”, is
the difference between the premium and the present value of expected losses.

For example, in household expenses it is now possible to use commodity etfs that track the
same futures used by corporate risk managers to hedge against future household price
increases. Similarly, if an individual does not own real estate but he might have future housing
needs and he can find liquid real estate investments that will his exposure to future housing
inflation without giving him the liquidity risk of holding actual real estate.

For principal protection against inflation as measured by cpi, an investor may turn to treasury
inflation-protected securities, but he might also consider etfs or assets with a lower tracking
error than tips, e.g., gold for general dollar risk or international currencies and bonds for
specific non-dollar exposures.

Risk management by corporations

In the past few decades, financial risk management has gained greater popularity has
corporation became increasingly conscious of the possibility of unexpected and harmful events
negatively affecting their cash flows and resources. The objective of financial risk management
is to assess and manage the corporation’s risk /exposure to various sources of risk by using
financial derivatives, insurance, and other operations.

Fama and jensen define four types of organizations, distinguished principally by the
relationships between stakeholders, managers, and users of the organization:

1. Open corporation
The first type of organization is an open corporation, characterizes by the almost
complete specialization of decision management and residual risk bearing. In other
words, management is typically a distinct group from those who have a residual claim
in the net cash flows of the company. The residual claims of open corporations are
almost always in the form of unrestricted common stock which can be freely bought
and sold in the capital market.
2. Closed corporation
 A second type of organization is a closed corporation or proprietorship these are
organizations in which management and ownership overlap significantly. In other
words, the same people that have a residual claim on the value of the form also do the
work.
3. Financial mutual
The third organizational classification is called the financial mutual these type of
organizations have residual claimants who are also the customers of the organization.
When the owner and the customer of organization are one and the same, the financial
mutual can be viewed as a type of club or syndicate hedge funds are examples for
financial mutual.
4. Non-profits
Finally non-profits are organizations whose major goals are not to maximize profits.
Instead, the objective of a non-profit may be to reach the word of god, feed the poor,
teach the principles of business admiration to student customers, and the like. Because
generating cash flows is not the primary objective of such organizations, they have no
residual claimants per se. The closest think are the donors and supporters that provide
operating cash flows.

Each of the four types of organizations has both stakeholders and customers. A stakeholder in
an organization is any individual whose personal welfare is affected by the success of the
organization. Primary stakeholders are usually the residual claimants-shareholders or owners-
of the enterprise. Creditors can also be stakeholders in this organization to be extent that the
success of the organization determines its ability to pay its bills. Managers are often
stakeholders even when they are not also shareholders or creditors their jobs, after all, depend
on the ongoing viability of the enterprise.

Risk management objectives

Risk management programme is to reduce a firms cost of risk.

Need for a rational for risk management in organization

risk is the main cause of uncertainty in any organization. Thus, companies increasingly
focus more on identifying risks and managing them before they even affect the business.
 the ability to manage risk will help companies act more confidently on future business
decision. Their knowledge of the risks they are facing will give them various options on how
to deal with potential problems.

risk can come from both internal and external sources. The external risks are those that
are not in direct control of the management. These include political issues, exchange rates,
increase rates, and so on. Internal risks on the other hand, include non-compliance or
information breaches. Among several others.

Risk management is an important factor all the time, but especially in

situations where:
• A business has a multiple sites,
• A business is too big for any individual to know all the potential threats,
• A business has operations overseas,
• A business has many suppliers or subcontractors, and
• A business uses a wide range of processes,

Following are the other need for risk management objectives:

• Risk impose costs on businesses and individuals, and
• Risk management also is costly,
• Need a criteria for making choices about how much risk management should be
undertaken.
• The need for a risk management objective follows from the observation that there
are trade-offs associated with risk management.

Understanding the cost of risk

cost of risk is the quantitative measurement of the total costs associated with the risk
management function, as compared to a business sales, assets, and number of employees.

Cost of risk includes each of the essential risk management activities in its measurement. There
are:
• Insurance premiums for liability, property, and workers compensation exposures,
including any associated taxes.
• Retained or uninsured losses for liability, property, and workers compensation
exposure, including any associated financial guarantees, fees, and taxes.
 • Risk management and insurance department administrative budgets.
• Costs for outside services, including broker fees, outside consulting and actuarial
fees, risk management information systems, and captive management cost.

Individual risk management and the cost of risk

risk aversion is the behavior of humans, when exposed to uncertainty, to attempt to

reduce that uncertainty. It is the reluctance of a person to accept a bargain with an uncertain
payoff rather than another bargain with a more certain, but possibly lower, expected payoff.

Risk management and social welfare

natural disasters bad weathers, and health-related problems have always been a concern
individual precautionary strategies and, perhaps more importantly, the creation of informal
exchange- based risk sharing mechanism, through extended families, mutual gift giving,
egalitarian tribal systems, corp sharing arrangements with landlords, etc.

industrialization and organization brought two important changes- a break- down of

traditional and informal risk-sharing mechanisms and the introduction of new risks, most
importantly work related accidents and unemployment.