RISK MANAGEMENT FRAMEWORK (RMF)
A risk management framework is the basic structure for integrating the risk management process throughout the organization.
All companies face risk; without risk, there is no reward. The flip side of this is that too much risk can lead to business failure. Risk management allows a balance to be struck between taking risks and reducing them.
Effective risk management can add value to any organization.
Well-run companies will have a comprehensive risk management framework in place to identify existing and potential risks and assess how to deal with them if they arise.
An effective framework consists of: Risk Identification, Measurement, Mitigation, Reporting & Monitoring, and Governance
Risk Management Approach
Scan the Environment - Evaluates how each risk management process aligns w/ Org's overall objective.
Performs review of internal & external environment
Identify Risks - Orgs. perform risk assessment to discover risks.
It's not possible to identify all risks, but the Org. must identify key & emerging risks that may prevent the Org. from meeting its objectives
Analyze Risks - Loss exposures are analyzed by estimating the significance of the possible losses previously identified.
Applies the risk criteria to determine the source, cause, likelihood, and potential consequences of the risk
Treat Risks - Risk treatment options used to reduce the level of risk or exploit positive risks.
Compares the level of risk from the risk criteria analysis
Monitor & Review - Ensure it's achieving expected results and revise to accommodate changes in loss exposures.
Data produced during this step helps risk managers show the importance of managing risk at every level of the Org.
BENEFITS OF RISK MANAGEMENT
Tolerable Uncertainty: Provides awareness of potential losses & assurance of their effective management.
Keeping the worry of accidental loss at a tolerable level.
Reduces Downside Risk: Every type of business or speculative risk involves downside risk (incl. losses & failures)
Threshold limits reduce downside risks.
Earning Stability: Some Orgs. seek to maintain level earnings from year to year.
Requires exact forecasting of fluctuations in asset values, liability values, and risk management costs.
Anticipate & Recognize Emerging Risks: Risks with the biggest upside or downside are those the Org. doesn't anticipate.
Must monitor for emerging internal/external risks.
Business Continuity: Major goal for private entities/Essential goal for public entities.
To avoid interrupting operations for an unacceptable amount of time, Risk Managers should:
- Identify those specific activities for which continuity is essential.
- Determine the risks that could interrupt those activities and manage those risks appropriately.
Profitability & Growth: Orgs. seek to maintain at least a min. profit level & maintain a predetermined growth pattern.
Organizations meet these goals through:
- Strategic risk taking
- Identification & management of cross-enterprise risks
- Improved capital allocation
Legal & Regulatory Compliance: Satisfy legal obligations based on - the standard of care owed to others; Contracts; and Laws & regulations
Social Responsibility: Minimize the effect of loss on society through risk management programs.
For moral reasons & for good public relations
Reduced Cost of Risk: Org. maintains its normal activities but with fewer and less severe accidental losses.
Reduce Deterrence Effects: Fear of future losses makes management less willing to take on activities they consider risky and deprives the Org. of the potential benefits from those activities.
COST OF RISK
Cost of Risk - The total cost incurred by an organization b/c of the possibility of accidental loss.
Cost of Losses:
Direct: inflicted by the peril itself.
Indirect: suffered as a consequence of the direct loss.
Cost of Loss Control: People; Processes; Equipment
Cost of Loss Financing: Ins premiums or expenses incurred for non-insurance indemnity
Cost of Risk Mgmt Administration:
Small Company - Risk Mgr
Larger Company - RM Staff, or also broker/agent
Financial Consequences of Risk:
1. Expected Cost of Losses or Gains - Normally incl. direct loss costs w/ indirect costs; entire effect of losses is significantly greater than the direct losses themselves
2. Expenditures on risk mgmt
3. Cost of residual uncertainty - The degree of risk that still remains after individuals or orgs implement their RM programs
- For indivs, cost of residual uncertainty may incl things like lost salary or forgone investment opportunities.
- For Orgs, cost of residual uncertainty incl the effect that uncertainty has on consumers, investors, and suppliers.
Costs that affect Expected Loss Costs:
Hidden costs that affect an org's Expected Loss Costs calculation:
Costs Related to Time:
- Time lost by the injured employee
- Time lost by other employees who stop work
- Time lost by foremen, supervisors, or other execs
- Time spent by first-aid attendants & hospital staff (when not paid by the insurer)
Costs Related to Damage:
- Dmg to machine, tools, or other property or the spoilage of material
- Interference w/ production, failure to fill orders on time, loss of bonuses, payment of forfeits, & other similar causes of loss
- Continuation of injured EE's wages after the employee returns to work even if the employee's svcs may temporarily be worth less than normal value
- Loss of profit on injured employee's productivity & idle machines
- Lost productivity b/c of EE's excitement or weakened morale resulting from the accident
- Overhead per injured employee
COMMON RISK CLASSIFICATIONS
(4) Quadrants of Risk:
Hazard, Operational, Financial, Strategic
Pure risks, Objective risks, and Diversifiable risks.
PURE & SPECULATIVE RISKS
- Chance of loss or no loss; no chance of gain
- Chance of loss, no loss, or gain
- Investment Risks: Inflation, Market, Financial, Interest Rate, and Liquidity Risks
- Business Risks: Price risk & Credit risk
Insurance deals mainly with risks of loss, not risks of gain; so Pure risks as opposed to Speculative risks.
OBJECTIVE & SUBJECTIVE RISKS
- Measurable variations of uncertain outcomes based on facts & data.
- Based on individual's or Org's opinions
- differs from Objective risks b/c of: Familiarity & Control; Severity over Frequency; and Risk Awareness
Assessment of risks differs due to:
1. Familiarity & Control: people tend to underestimate familiar risks and overestimate dramatic, unfamiliar risks.
2. Severity over Frequency: people tend to assign a probability of 0 to low-frequency events such as natural disasters, murder, and accidents, but tend to overestimate low-frequency events if they have personally been exposed to them previously or the events get increased media coverage.
3. Risk Awareness: people who are not aware of risks will underestimate the likelihood of loss. An org's risk mgmt efforts become more effective as the entity's subjective interpretation of risk becomes closer to its objective risks.
DIVERSIFIABLE & NONDIVERSIFIABLE RISKS
- Affects only some individuals, businesses, or small groups.
- Nonsystematic risks or Specific risks
- Can be managed by spreading the risk (diversification)
- Not highly correlated - occurs randomly; Can be managed thru diversification or spread of risk.
ex) Building fire, Car theft, Auto accident
- Affects large segments of society at the same time.
- Systematic risks and Fundamental risks
- Generally not privately insurable
ex) inflation, unemployment, EQ, Flood, hurricanes
Private Insurers tend to concentrate on Diversifiable risks; Gov't Insurers are suitable for Nondiversifiable risks
QUADRANTS OF RISK
Pure risks arising from property, liability, or personnel loss exposures. Traditionally addressed by Insurance
ex) Fire, Flood, Theft, Auto Accidents, Employee Accidents
Pure risks associated w/ an Org's processes, systems, &/or controls.
ex) Risks arising from compliance issues, legal issues, and software tools.
Speculative risks associated with an Org's financial activities.
*Market Risk, Credit Risk, Liquidity Risk, Price Risk
ex) Managing foreign exchange transactions; Investing in Assets
Speculative risks arising from an Org's long term goals and management decisions.
ex) Creating new products for a new market.
Speculative Risks in Investments
Inflation Risk: Associated with the loss of purchasing power b/c of an overall increase in the economy's price level.
Market Risk: Associated w/ fluctuations in prices of financial securities, such as stocks & bonds.
Interest-Rate Risk: Associated w/ a security's future value due to changes in interest rates.
Liquidity Risk: Associated w/ not being able to liquidate an investment easily and at a reasonable price.
Financial Risk: Associated w/ the ownership of securities in a company having large amt of debt on its balance sheet. *If the company defaults on its debt obligations, its creditors might force it into bankruptcy.
Business Risk: Associated w/ the fluctuation in company's earnings & its ability to pay dividends & interest.
Exposure - Any condition that presents a possibility of gain or loss, whether or not an actual loss occurs.
Provides a measure of the max potential dmg associated with an occurrence.
If risk is nondiversifiable, the risk increases as exposure increases.
Volatility - Indicates how much and how quickly the value of an investment, market, or market sector changes.
Refers to frequent fluctuations, such as fluctuations in the price of an asset.
Likelihood - A quantitative estimate of the certainty with which the outcome of a specific event can be predicted.
Refers to the chance that a given outcome will occur.
Consequences - Measures the degree to which an occurrence could positively or negatively affect the organization.
Time Horizon - Refers to the estimated duration of the risk.
The longer the time horizon, the greater the risk.
Correlation - Relationship btwn variables.
Similar risks are usually highly correlated.
The higher the correlation, the higher the risk.
Should be applied to the Org's overall risk portfolio