This is “The Risk Management Function”, section 4.1 from the book Enterprise and Individual Risk Management (v. 1.0). For details on it (including licensing), click here.
For more information on the source of this book, or why it is available for free, please see the project's home page. You can browse or download additional books there. To download a .zip file containing this book to use offline, simply click here.
Traditionally, a firm’s risk management function ensured that the pure risks of losses were managed appropriately. The risk manager was charged with the responsibility for specific risks only. Most activities involved providing adequate insurance and implementing loss-control techniques so that the firm’s employees and property remained safe. Thus, risk managers sought to reduce the firm’s costs of pure risks and to initiate safety and disaster management.
Typically, the traditional risk management position has reported to the corporate treasurer. Handling risks by self-insuringRetaining the risk within the firm. (retaining risks within the firm) and paying claims in-house requires additional personnel within the risk management function. In a small company or sole proprietorship, the owner usually performs the risk management function, establishing policy and making decisions. In fact, each of us manage our own risks, whether we have studied risk management or not. Every time we lock our house or car, check the wiring system for problems, or pay an insurance premium, we are performing the same functions as a risk manager. Risk managers use agents or brokers to make smart insurance and risk management decisions (agents and brokers are discussed in Chapter 7 "Insurance Operations").
The traditional risk manager’s role has evolved, and corporations have begun to embrace enterprise risk management in which all risks are part of the process: pure, opportunity, and speculative risks. With this evolution, firms created the new post of chief risk officer (CRO). The role of CROs expanded the traditional role by integrating the firm’s silos, or separate risks, into a holistic framework. Risks cannot be segregated—they interact and affect one another.
In addition to insurance and loss control, risk managers or CROs use specialized tools to keep cash flow in-house, which we will discuss in Chapter 6 "The Insurance Solution and Institutions" and Chapter 7 "Insurance Operations". Captives are separate insurance entities under the corporate structure—mostly for the exclusive use of the firm itself. CROs oversee the increasing reliance on capital market instruments to hedge risk. They also address the entire risk mapA visual tool used to consider alternatives of the risk management tool set.—a visual tool used to consider alternatives of the risk management tool set—in the realm of nonpure risks. For example, a cereal manufacturer, dependent upon a steady supply of grain used in production, may decide to enter into fixed-price long-term contractual arrangements with its suppliers to avoid the risk of price fluctuations. The CRO or the financial risk managers take responsibility for these trades. They also create the risk management guideline for the firm that usually includes the following:
Writing risk management manuals set up the process of identification, monitoring, assessment, evaluation, and adjustments.
In larger organizations, the risk manager or CRO has differing authority depending upon the policy that top management has adopted. Policy statements generally outline the dimensions of such authority. Risk managers may be authorized to make decisions in routine matters but restricted to making only recommendations in others. For example, the risk manager may recommend that the costs of employee injuries be retained rather than insured, but a final decision of such magnitude would be made by top management.
A typical risk management function includes the steps listed above: identifying risks, assessing them, forecasting future frequency and severity of losses, mitigating risks, finding risk mitigation solutions, creating plans, conducting cost-benefits analyses, and implementing programs for loss control and insurance. For each property risk exposure, for example, the risk manager would adopt the following or similar processes: