Risk and risk factors are the cornerstones of a functioning firm or company. The risk-management process involves the systematic application of management policies and practices as well as procedures, with the intention of establishing a context of communication and consultation with relevant stakeholders. The treatment, monitoring, and reviewing of risks also comprises identification, analysis, and evaluation. Consider a scenario where a top company employs a new CEO and one of her first decisions is to ensure that safety is a major priority. Twoof the new rules being established state that all employees are required to use safety gear while in the manufacturing department of the company, and employees are to refrain from using text messaging while driving within the company premises. A few months into her tenure, one of the company’s employees is involved in a serious accident while moving through the manufacturing department (Kimura &Giner, 2009). An investigation by labor union representatives reveals the factors that attributed to the failures of management. This consequently led to a crippling of the ability of staff within the companytoidentify the potential risk that employees faced. In addition, there was failure to carry out a proper evaluation and communication to employees within the organisation in order to address outstanding issues. Bottlenecks within the realm of risk management are only solvable through the formulation of many rules and by ensuring that all employees in an organisation adhere to them. Adherence is particularly important as some of these rules will reduce certain risks that can causesevere damage to an organisation or company (Turner &Hunsucker, 2009). However, an organisation that bases its structure on the formulation of rules also needs to work to reduce the likelihood, or the impact, of accidents or of liability (Kimura &Giner, 2009).
Likelihood in risk management
Risk can be defined as the possibility that a certain event will happen, and that this event will have an impact on a company or organisation as it seeks to achieve its pre-established objectives. Several forms of risk exist within organizations such as financial, operational, and human resource risk (Mills, 2004). In order to address the concerns of such risks in an effective manner, organizations need to approach risk management with the identification, assessment, management, and control of the potential situations. In addition, to manage risk effectively there is a need to ensure that certain risks are not only identified, but are documented and prioritized and that mitigation is applied when possible (Mills, 2004).
Risk management and consequence
The establishment of a risk-management process should first begin with the examination of an organization’s management practices. Typically, any risk-management plans require the inclusion of certain objectives such as the need to eliminate negative risks and to reduce risks to acceptable levels (David &Wu, 2010). The process of risk management also involves the identification of certain categories of risk. This is because an organisation or company is highly likely to have different categories of analysis. Such risk categories involve technical, project management, financial, external, and compliance risks (Mills, 2004).
According to the research, it is viewed that likelihood, as opposed to the consequences of an event, should be the focus of risk management for risk likelihood enables risk managers or organizations to deal with the outcomes of risk before they occur. Through the creation of scenarios, management is able to contemplate how to deal with the outcome of risk as well as to ascertain its source and threat level. Focusing on consequences does not provide this flexibility as the organisation or risk manager is limited and restricted as to how to respond to the threat of risk and how to deal with risk when it does occur.
The importance of likelihood in risk management
Once the identification of risk has taken place, likelihood is determined and its potential vulnerability and how to exploit it (Bezuyen, 2009). Varying factors need to be considered when the concept of likelihood is chosen as the approach to risk management. For management, the first step is to consider the sources of potential threats, the motivation behind such threats, and the capability of the source of the identified threat (Mills, 2004). The second step is for organisational management to ascertain the nature of identifying threats and their vulnerabilities. The final step is self-examination as to what existing tools can be used to act effectively as a deterrent or as a form of mitigation to such vulnerabilities (Hodges, 2000). The level of likelihood, as well as its potential risk of vulnerability, can be set at levels such as high, medium, and low (Williams, 2008).
A high likelihood level occurs when the threat source is increasingly motivated, is highly capable, and is in a position with full control to block the usage and effectiveness of the vulnerability aspect. The likelihood level islow when the source of the threat is lacking motivation or ability, which results in the placement of controls to prevent the implementation of identified vulnerability (Williams, 2008).
Probability and impact definition
Consequences and their benefits in risk management
Focusing on consequences in risk management allows the risk manager or organisation to deal with the resulting negative effects of risk. Unlike when concentrating on likelihood, when faced with an outcome of risk an organisation can formulate a strategy to address the issue at hand. This is a valuable learning experience that strengthens the response of an organisation to risk, as well as making the organisation more adaptable to change when it arises, (Ward and Chapman, 2009).
Dealing with consequences, on the other hand, takes valuabletime, impeding the organisation or firm from embarking on other operations. As a result, other departments may be neglected or underfunded, which may strain the operations of the organisation and lead to its eventual collapse, (Angel, 2010). Focusing on likelihood, in contrast, provides management with the time to ascertain the source of the risk and its threat and to adjust accordingly so as to manage both the risk and its outcome.
Risk is defined as the possibility that a certain event will happen, and that this event will have an impact on a company or organisation as it seeks to achieve its pre-established objectives. Consequence, as it relates to risk management, deals with the identification of certain categories of risk and provides hand-on experience and increases the robustness of an organisation or individual. However, it is the author’s view that focus should be placed on likelihood as it provides more flexibility and preparation time than focusing on consequences, and it works well within the operations of an organisation and presents fewer limits as expressed within the construct of organisational function.
Risk retention is best defined as a methodology of dealing with risk. Risk retentioniswhen an organisation or company retains either all or part of their risk. It can be classified into two segments: active risk retention and passive risk retention. Active risk retention occurs when an organisation or company that is well aware of its risk chooses to deliberately retain either part of,or the entire, risk. A risk manager would use risk retention for two main reasons. The first reason is that risk retention as a risk-management concept can be used to save moneyaside is unnecessary to purchase costly insurance. This also includes deductible purchases that some organizations acquire as some insurance costs are unreasonable (Turner &Hunsucker, 2009).
Risk retention can also be defined as the acceptance of the losses, benefits, or any associated gains that may result from the occurrence of risk (Turner &Hunsucker, 2009). Financial and insurance experts argue that to be truly self-insured one must fall into this category. Risk retention is a viable strategy for minimal risk as the insurance costs against risk increase over time and are greater than the total losses of sustainment (Anghil, 2010). All risks that are avoided or have undergone transfer are retained. Consequently, the loss attributes are normally retained by the insurer. Any such level of potential risk with regards to the insurable capacity is likewise defined as retained risk. This can be acceptable when the chance of catastrophic loss is minimal or when the cost of wider insurance coverage is soexpensive that it would hinder, to a large extent, an organisation achieving its goals (Anghil, 2010).
In simple terms, risk retention is when an organisation is willing to undertake a risk without insurance to the point where its insurance plan covers a certain occurrence or in a form that is deductible. More commonly organizations retain a form of insurable risk that exists as deductibles as well as factors that are uninsured. Consider the following example to help explain risk retention. Imagine you were the owner of a soft drink outlet. You would ensure that you purchased aninsurance-coverage plan against the risk of fire or theft if you possessed a $250 deductible for retaining or for keeping as well as payment of damages that are less than the deductible in savings (Ward &Chapman, 2009). Certain risks, such as damages caused by natural disasters, would not be included in the transferred risk and so in this case one would retain the risk of having to pay for such damages.
Most organizations possess a fund in the form of a contingency fund in case such events ever occur, as well to compensate for a reduction in sales. Such a fund would allow its user to continue operating without needingtoborrow money (London &Dewor, 2011).In addition; the organisation could use the fund for costs, such as required repairs, which are not included in the budget. Certain amounts to cater for such occurrences restored in the organization’s contingency fund on the basis of several factors and risk retention plays a crucial role in this process.
Organizationsalso have a tendency to hire consultants todetermine the scope of risk to be covered. A consultant in such a situation would carefully examine the benefits of retaining certain risks (London &Dewor, 2011). For instance, in basic terms, insurance would simply be a form of risk transfer from the organisation to the insurance companies that couldresult in markup of nearly 60%, which would not be conducivetominimal risk. Furthermore, the more claims made by a company the higherthe future cost of insurance since insurance companies would identify this as a trend (Williams, 2007). Retaining risk and an existing contingency fund are therefore crucial aspects of any organization’s plan, regardless of the organization’s size.
Risk retention is beneficial for it enables an organisation to implement its strategies. This is because a positive outcome always exists and is presented as attachments to risk for the company. If the company is able to survive the risk, it reaps the benefits of dividends that are vital for its growth. This, on the whole, allows for the improved implementation of strategies, despite the risks that may be attached.
Risk transfer is another way in which risk can be dealt with and it is an indispensable factor of insurance. To transfer risk means moving it from the realm of the insurer to the realm of the insured, whereby the insured does not remain with the notion of having to worry about the risk (Obuochowski, 2007). As such, the insurer remains in a better position financially to pay for the loss as opposed to the insured. Risk in its form can be transferred in several ways, one of which is through a contract whereby therisk in the form of rent is transferred to the landlord for an extended period (Williams, 2007). Another form of risk transfer is the hedging of price risks, which is simply a methodology of risk transfer of unfavorable fluctuations in price (Rouse, 2004). The final form of transferring risk is through the incorporation of a company. This can be achieved when, for instance, a business exists as a sole proprietorship sothat the personal assets of the owner and the company itself can be attached.In this case the liability is limited to the stockholders who do not possess considerable assets tofulfill payments of corporate debt to their creditors for the company’s transfer of risk (Rouse, 2004).
Having ascertained the level of risk retention and transfer, an organisation or company must then decide whether to retain its risk or to transfer it. It is at this point that the needfora captive insurer arises. Thistype of insurer, in basic terms, is an insurance company that is established under the ownership of the parent company with the aim of providing insurance to the company’s exposures (Rouse, 2004). Toeffectively determine risk retention and transfer, frequency probability and matters of loss severity are used as a basis for measurement. The risk that hasa high frequency probability and a minimal loss severity is preferable for organizations to use as a form of risk retention because the occurrence of loss over an extended time period stabilizes the loss. Theapplication of risk retention can also be used as a form of managing risk at low costs, which is of benefit tothe overall insurance purchaser (Williams, 2007).
The role of risk managers in business
Risk managers shouldplay a significant role in every businessin relation to the development of the business and profit-making. Avoiding the repercussions attached to risks such as loss, harm, and cases in court depends on the effectiveness of the risk-management team. Every businessaimsto maximizeprofitability, to ensure the safety of its employees, and to provide a friendly working environment. Risk managers are normally chargedwith the full responsibility to accomplish theseobjectives asthey lead, control, organize, and manage the risk-management department within the organisation (Williams, 2007). The risk manager specifically ensures that the risk department is running effectively and is equipped with the necessary facilities to identify, avert, and curb risks. The managers heading these departments have full responsibilities more or less like their counterparts from other departments such as strategic planning and production. However, therisk manager has the additional role of integrating and monitoring every department within the business. In regards to the production department, for example, the risk manager must work with the production manager to identify risks that may arise from the production line. Risk managers monitor the running of the entire organisation to ensure that every department adheres to its production standards. Some othermain roles ofthe risk managers include:
- Identifying risks and alerting the businessmanager.
- Assessing and evaluating risks.
- Executing all the stipulated strategic procedures to avert or curb risks once they have been identified.
- Establishing strategic measures and ensuring they are implemented to avoid a recurrenceof specificrisks.
- Monitoring the entire risk-handling process (Williams, 2007).
Apart from monitoring the occurrence of risks within the business, the risk manager has the additional important task of ensuring that the environment, or the business’s surroundings, as well as society in general,arenot negatively affected by the business operational activities (Ward &Chapman, 2009).This manager also ensures that the risk-management team has acquired the necessary equipment and tools to avert or curb the risk occurrence. The success of the risk-management team depends on the effectiveness and efficiency of the risk manager, and the success of the entire business—in relation to averting or curbing risks—depends on this manager’s effective strategic planning (Ward &Chapman, 2009).
Taking a risk is a glorified task. According to an ancient Virgil, “Fortune sides with whom who dares”; to Clint Eastwood, “If you want a guarantee, buy a toaster”; and to the council of the “Sage of Omaha”, Warren Buffett, “Risk comes from not knowing what you are doing” (Ward &Chapman, 2009). Various researchers have emphasized the importance of investors learning as much as possible about an investment strategy before they take the risk of investing in it. When considering an investment it is also very wise to consider the following factors thatcan greatly assistinaverting risk:investing in equities rather than bonds (as inflation may lead to losses when investing in bonds); anddiversification, which is a technique that mixes a wide variety of investments within a single portfolio. Diversification strives to smoothen out unsystematic risk events in a portfolio so that the positive performances of some investments will neutralize the negative performances of the others (Ward &Chapman, 2009).
Risk management ensures that an organisation identifies and understands the risks to which it is exposed. It is a process of identifying and analyzing uncertainty in investment decision-making. It involves the process of determining what risks exist in an investment and handling them in a way that is best suited to the investment objectives. Risk identification is a most fundamental step in risk management where the risk event and itsrelationships are established. This helps to assess the probability and consequences such as cost, schedule, and technical performance impacts, or the functionality of those impacts. After assessing the risks critically, the risksare prioritized from the most critical to the least important. The high and medium critical risks are passed through risk-mitigation process planning and the necessary measures are taken, and progress monitoring done, to avoid more risks. Risk management entails the identification, measurement, and implementation of various strategic options to curb or limit the spread of a risk. The three criticalcomponents of risk and risk management include:
- Risk planning, which is a strategic process based on organizing a comprehensive approach to risk management. It begins with theestablishmentof the objectives and goals that the businessaims to accomplish, and follows with a plan for assessment and all procedures to ensure a successful project.
- Risk identification, which is the core determinant of successful risk-management process. The early identification of a risk not only helps the businessto avert the losses attached to the risk but it also ensures a smooth management process. However, various organizations consider risk management to be a liability as they find it difficultto funds their operations.
- Risk assessment and analysis, which entails outlining and evaluating the diversity of the projected risk. The risk-analysis process groups the projected risk intensity into matrixes such as high, moderate, or low. After grouping the risks involved, the management team can cater for the most threatening risks first, followed by those with lower likely impacts.
The above factors are essential tasks for every business’s risk-management team. Success in every step is vitally important to the effectiveness of the whole project. Failure to monitor and stipulate all the necessary measures in each of the stages listed above can cause drastic effects tothe whole process (Anghil, 2010).
Effective risk-management practice does not eliminate risks; however, by having an effective and operational risk-management practice, an organisation shows that it is committed to loss reduction or prevention and hence is a better risk to insure. The benefits of a risk-management strategy enacted by the risk manager in an organisation are numerous. For example, people exposed to a firm’s operations are now more likely to sue the firm; avoiding injuries help in defending a claim; the courts are often sympathetic to injured claimants; people are now aware of what service to expect; and organizations are held responsible for the actions of their employees. To avoid the problems associated with the risk managers are given the sole responsibility to ensure that the business averts risks.
Angel, S. (2010). Organisational risk management. Internal Auditor, 67,21-33.
Bezuyen, M. (2009).Product risks: Opportunities and challenges. Journal of Contingencies Crisis Management, 2,1-179.
David, O., & Wu, D. (2010).Enterprise risk management.Risk Management, 12,1-13.
Grace, M. (2010). Non-profit organisations and risk management values. Handbook of Research on Nonprofit Economics and Management, 1, 156-168.
Hodges, A. (2000). Emergency risk management. Risk Management, 2,7-18.
Kimura,S.,&Giner, C. (2009).Risk management under workflow.Risk management, 1,12-49.
London, D., &Dewor, E. (2011).High performance risk management for extraordinary times,Management, 1,5-29.
Mills, T. (2004).Risk management planning handbook. Journal of Environment Quality, 33,5-410.
Noor, I., & Robert, T. (2007).Contingency misuse and risk management pitfalls.AACE International, 1,15-30.
Obuochowski, J. (2007). Intelligent strategies and benefits of risk management.MIT Sloan Management Reviews, 47,6-7.
Rouse, M. (2004). Knowledge translation and risk management. Risk Management, 6,9-15.
Turner, J., &Hunsucker, L. (2009).Effective risk management using a goal based approach. International Journal of Technology Management, 17,438-458.
Ward, S., & Chapman, C. (2009).Project risk management transformation to uncertainty management.International Journal of Project Management, 21, 97-105.
Williams, T. (2007).Risk management infrastructures.International Journal of Project Management, 11,5-10.
Williams, T.(2008).Using risk for risk management integration and project definition.International Journal of Project Management, 12,17-22.