Improving Your Risk Intelligence - Step 2: Implementing Your Programs
Issue #17
July 30, 2007
Once you have assessed your risks, the next step is to develop strategies that can be implemented to address those risks. This includes prioritizing the risks, agreeing on a course of action, assigning responsibilities, and establishing time frames for completion.
Prioritizing the risks is a by-product of the risk mapping worksheet created in Step 1 (see the last issue of risKey). Those risks that have a high probability and impact potential (red zone) are given high priority. Moderate priority risks (yellow zone) are then listed, followed by low priority (green zone) risks.
A course of action is then developed for each risk. A variety of techniques may be considered; with some of the more common ones involve either stopping losses from happening (risk control) or paying for those losses that inevitably do occur (risk financing).
Risk control includes those risk management techniques designed to minimize the frequency or severity of accidental losses or to make losses more predictable. Risk control techniques include exposure avoidance, loss prevention, loss reduction, segregation of loss exposures and contractual transfers to shift losses to others, both legally and financially.
- Exposure avoidance eliminates entirely any possibility of loss. It is achieved either by abandoning or never undertaking an activity or an asset. Examples include discontinued products, processes, or a change in facility.
- Loss prevention aims to reduce the frequency (or the likelihood) of a particular loss. Examples include safety programs and training.
- Loss reduction aims to lower the severity of a particular loss. Examples are prompt claim reporting, sprinklers and alarms, and light duty programs.
- Segregation of loss exposures involves arranging an organization’s activities and resources so that no single event can cause simultaneous losses to all of them. It may take one of two forms: separation or duplication. Examples would be inventory at different warehouses, raw materials from different suppliers, spare parts for machines, and duplicate records.
- Contractual transfer for risk control is a transfer of legal and financial responsibility for a loss. The organization to which the transfer is made (the transferee) then bears all financial and legal responsibility for any loss which the transferring organization (the transferor) might otherwise have suffered in the event of an accident.
Risk financing techniques encompass all the ways of generating funds to pay for losses that risk control techniques do not entirely stop from happening. Risk financing techniques can be classified into two groups, retention and transfer. Most businesses generally use a combination of the two types of risk financing techniques.
- Retention includes all means of generating funds from within to pay for losses. In order of increasing administrative complexity, the retention options open to any private business organization are (1) current expensing of losses; (2) using an unfunded loss reserve (an accounting entry denoting a potential liability to pay for a loss); (3) using a funded loss reserve (a reserve backed by earmarked funds set aside within the organization); (4) borrowing funds to pay for losses; and (5) insuring through an affiliated “captive” insurer.
- Transfer includes all means of generating funds from outside organizations to pay for losses. The two risk financing techniques through which one organization can transfer the financial burden of losses to another are (1) insurance purchased from an outside, unaffiliated insurer (usually called “commercial insurance”) and (2) non-insurance transfers (to a transferee other than an insurance company through a type of agreement often called a “hold harmless agreement”).
Once the appropriate techniques are agreed upon, individuals responsible for completing each course of action are identified and assigned. Finally, time frames are established for starting and completing the actions required.
The result is a strategic risk management plan which allows you to move forward in implementing the programs necessary to address the risks faced by your company.
In the next issue of risKey, we will discuss step 3 of the process, monitoring your results.