The significance of risk management

TODAY, we revisit an article published on March 31, 2020 on risk management, which is an excerpt from my book titled ‘Basics of Insurance, The Zambian Experience: From Local to Global.’
The article gains significance given that the whole world is still grappling with the coronavirus and its associated effects.
Risk management is not a phenomenon. It is often used unintentionally.
Human beings inherently practise risk management in their day-to-day activities on a subjective basis.
It is also true of other animals, although it is in less complex environments.
For example, why would a lion go after a wounded calf instead of a full-grown bull? This is because a small wounded calf is more comfortable with killing; it is almost confident that the lion will succeed.
Although it has lesser meat, it is a safer option than going after a giant animal with a higher risk of failure and injury from the lion’s point of view. In a sense, this is risk management.
Risk management means managing risks.
A more formal explanation of risk management is when it is used to refer to a logical and formalised methodology of identifying, classifying, analysing and responding to risk – then monitoring and controlling the resultant management process to ensure that the risks involved remain effectively managed in the long term.
There are different risk management systems used by various organisations.
The design or framework should not be so much of an issue provided an organisation or individual understands what they are trying to achieve.
Risk management is a framework (Wallace et al., 2013) that involves the stages discussed below.
Risk context
This stage involves the establishment of where the risk lies within the organisation. The importance of this stage is to deal with the threat in the right context.
For example, is the risk at an operational level or strategic level? Simple answers to questions like: how will the risk impact the organisation or does the risk only impact one process or the entire organisation, helps in putting the risk into context.
Risk identification
The risk identification process brings to light all risks that are relevant to a particular process or functionality.
It is essential to identify all the possible dangers from both the internal and external environment.
Different techniques can be used to achieve this, such as brainstorming or a cause-and-effect strategy, i.e. where a process is analysed end to end.
Risk classification, analysis and evaluation
Once a risk has been identified, it is essential considering the type of risk and its effect on the organisation.
A simple risk map showing likelihood and impact can be constructed to help the organisation have a better understanding of the risk.
Risk attitude
Risk appetite is concerned with the attitude of the decision-maker or the organisation and the effects that can have on risk assessment.
The decision can either be a risk-taker or a risk-averse person. This attitude has a big part to play on the decisions that the organisation will take, for example on the decision to take insurance; a risk-averse person is likely to take up more insurance than a risk-taker.
Risk response
The next stage is to decide what to do with the identified risk; to keep it or transfer it. It includes introducing the risk-handling strategy in the business plan and establishing a risk holder and response where appropriate.
At this stage, insurance becomes a critical option. Further analysis needs to be done on what type of insurance to take or if self-insurance be considered.
Monitoring and review
Once decisions have been made on which risk management system to implement, what follows is monitoring and review.
Risk management is not a one-off exercise; it is something done continuously through feed and formal documentation to ensure that there are ongoing control and monitoring.
Any sound risk management system should be adequate.
There is no point in having an excellent design that is not effective.
It must be able to respond to the risks as they occur, and the system should take a holistic view of the enterprise-wide risk management system (EWR).
It brings in the aspect of interconnectedness.
Risks should not be viewed in isolation. It is crucial to understand how one risk impacts other departments of an organisation.
For example, a simple threat of failing to renew a trading licence by one member of staff can result in closing an otherwise profitable business.
Any risk management system should be pragmatic.
It does not make sense to have a sophisticated system which is unrealistic or too complicated to understand.
The risk management system must be practical.
Lastly, any effective risk management system needs to be cost-effective.
The benefits or advantages should outweigh the disadvantages.
For example, it does not make logical sense to spend US$10,000 to save US$1,000. Notwithstanding, investment in risk management should be an organisation’s policy which must be budgeted for accordingly.
For comments or questions email or or visit the Facebook group; Insurance Platform or follow me on LinkedIn on my Facebook page.

Facebook Feed