Enough with the vagueness. Let’s start with a definition.
Since Risk is the uncertainty of a positive or negative outcome arising out of a given set of circumstances, and Management is handling, directing, governing, and controlling actions, Risk Management is purposefully handling uncertain circumstances that may come your way.
Another definition, which is geared specifically to businesses, is: Managing and minimizing the uncertainty of exposures that can adversely affect an organization’s assets and financial statements.
In the business world, risk management is a process that helps a business progress, grow, and flourish by implementing a specific set of protocols geared toward handling the uncertainties about the future.
That sounds complex and academic. However, we all manage our risks, whether informally as people carrying on through daily life, or formally as a business through a Risk Management program.
These are all examples of someone taking action to prevent or minimize the impact of bad things happening, whether done formally through a program, or informally by using common sense and real-life experience.
There are advantages to having a formal Risk Management Program as opposed to an informal one, which is just relying on the instincts and intuition of the decision maker. But how do you start a such a program? It would take longer than one blog post to describe, but it starts with this process:
Identify. You have to see all the potential bad things that could happen and be aware of them. This is the most important step because you can’t manage what you don’t know about.
Analyze. This is where you quantify the risks that you’ve identified. You measure them. How much? How big? How frequent? What is the potential impact of this particular risk?
Control. Now that you’ve identified a risk and assessed its potential impact, how do you control it? There are five different methods.
1) Avoid. Opt out. The risk is too great – it’s not worth taking on. This would be the restaurant that decides against delivery.
2) Prevent. Take a proactive approach to mitigating a loss. This would be the winery that installs sprinklers in its storage room.
3) Reduce. There a number of ways to make reductions. This would be the cookie manufacturer that doesn’t stockpile cookies.
4) Segregate. This would be the farmer that made separate haystacks instead of just one.
5) Transfer. Delegate or transfer it to someone else. This can be through hold harmless agreements or contracts where you get another party to assume your risk. This would be the General Contractor that subbed out parts of his work to the electrician.
Finance. There is always going to be a total cost of risk. You will always pay some amount to prevent, avoid, transfer, etc., those risks you incur. A formal Risk Management Program requires that you be prepared. There are three different categories.
1) Retain. These are internal funds used to pay for cost-incurring risks. Whether you pay for a deductible on your insurance policy or for the entire building when the building burns down, you will have an out of pocket cost.
2) Transfer. These are external funds used to pay for cost-incurring risks. Like above, the general contractor transferred the risk of electrical installation to the electrician, if something goes wrong, the electrician will pay the costs.
3) Insure. This is where insurance finally gets involved. It’s technically a transfer of risk to another party but it gets its own category because it’s a little different than other transfers. Insuring is paying a known cost upfront for an unknown potential loss.
Administrate. Risk Management is not a one-time thing. There needs to be ongoing implementation and monitoring of the processes above.
There they are; the five basic steps of a Risk Management program. You may be wondering what those advantages that I mentioned above are. Does it really seem worth it? Do you really need one? I’ll give you two advantages to start with:
1) It will prevent a lot of bad things from happening that hinder, strain, and keep your business from growing. Losses, injuries and other damaged goods, whether insured or not, only hold you back. It is simply better for your business to not have fires to put out, or at least put a small known number of fires out.
2) It will give back some of the leader or CEO’s most precious commodity: time. Whereas without a formal Risk Management Program the leader must rely on snap judgments or last minute decisions (because he or she doesn’t have the time to effectively identify and analyze risks, come up with controls and with financing methods, and then administrate the process), a formal Risk Management Program delegates it to a dedicated Risk Manager.
Admittedly, small businesses may not be too interested in this, but as a business grows and desires to continue growing, a formal Risk Management Program becomes more of an advantage, and even perhaps a necessity.
I’m the commercial producer and owner at Gillespie Insurance Services.
Gillespie Insurance Services helps people and businesses in California, Arizona and Nevada.