What Is Risk Management?

What is Risk Management?  A common misconception among those that have ever pondered the phrase is that Risk Management is insurance.  But that is not the case.  The truth is that Risk Management does often involve insurance.  It is, however, larger than insurance and involves certain ways of thinking, processes, and procedures.

Enough with the vagueness.  Let’s start with a definition.

Since Risk is the uncertainty of a positive or negative outcome arising out of a given set of circumstances, and Management is handling, directing, governing, and controlling actions, Risk Management is purposefully handling uncertain circumstances that may come your way.

Another definition, which is geared specifically to businesses, is:  Managing and minimizing the uncertainty of exposures that can adversely affect an organization’s assets and financial statements.

In the business world, risk management is a process that helps a business progress, grow, and flourish by implementing a specific set of protocols geared toward handling the uncertainties about the future.

That sounds complex and academic.  However, we all manage our risks, whether informally as people carrying on through daily life, or formally as a business through a Risk Management program.

• When you take a longer commute through a safe part of town rather than a potentially quicker route through an unsafe part of town, you are managing risk.

• When a cookie manufacturer makes and stores just enough inventory to ship so that the cookies go out fresh and don’t sit around the warehouse and go stale, it is managing risk.

• When a farmer puts his hay into five different separate stacks rather than one large stack to minimize the damage if a fire were to occur, it is managing risk.

• When a restaurant decides against offering delivery services to minimize the potential costs of an employee getting in a car accident, it is managing risk.

• When a winery installs a burglar alarm and fire sprinklers in its storage room, it is managing risk.

• When a general contractor decides to use an electrician as a subcontractor to install electrical systems in a new tract home development rather than install them itself, it is managing risk.

These are all examples of someone taking action to prevent or minimize the impact of bad things happening, whether done formally through a program, or informally by using common sense and real-life experience.

There are advantages to having a formal Risk Management Program as opposed to an informal one, which is just relying on the instincts and intuition of the decision maker.  But how do you start a such a program?  It would take longer than one blog post to describe, but it starts with this process:

Identify.  You have to see all the potential bad things that could happen and be aware of them.  This is the most important step because you can’t manage what you don’t know about.

Analyze. This is where you quantify the risks that you’ve identified.  You measure them.  How much?  How big?  How frequent?  What is the potential impact of this particular risk?

Control.  Now that you’ve identified a risk and assessed its potential impact, how do you control it?  There are five different methods.

1) Avoid.  Opt out.  The risk is too great – it’s not worth taking on.  This would be the restaurant that decides against delivery.

2) Prevent.  Take a proactive approach to mitigating a loss.  This would be the winery that installs sprinklers in its storage room.

3) Reduce.  There a number of ways to make reductions.  This would be the cookie manufacturer that doesn’t stockpile cookies.

4) Segregate.  This would be the farmer that made separate haystacks instead of just one.

5) Transfer.  Delegate or transfer it to someone else.  This can be through hold harmless agreements or contracts where you get another party to assume your risk.  This would be the General Contractor that subbed out parts of his work to the electrician.

Finance.  There is always going to be a total cost of risk.  You will always pay some amount to prevent, avoid, transfer, etc., those risks you incur.   A formal Risk Management Program requires that you be prepared.  There are three different categories.

1) Retain.  These are internal funds used to pay for cost-incurring risks.  Whether you pay for a deductible on your insurance policy or for the entire building when the building burns down, you will have an out of pocket cost.

2) Transfer.  These are external funds used to pay for cost-incurring risks.  Like above, the general contractor transferred the risk of electrical installation to the electrician, if something goes wrong, the electrician will pay the costs.

3) Insure.  This is where insurance finally gets involved.  It’s technically a transfer of risk to another party but it gets its own category because it’s a little different than other transfers.  Insuring is paying a known cost upfront for an unknown potential loss.

Administrate.  Risk Management is not a one-time thing.  There needs to be ongoing implementation and monitoring of the processes above.

There they are; the five basic steps of a Risk Management program.  You may be wondering what those advantages that I mentioned above are.  Does it really seem worth it?  Do you really need one?  I’ll give you two advantages to start with:

1) It will prevent a lot of bad things from happening that hinder, strain, and keep your business from growing.  Losses, injuries and other damaged goods, whether insured or not, only hold you back.  It is simply better for your business to not have fires to put out, or at least put a small known number of fires out.

2) It will give back some of the leader or CEO’s most precious commodity: time.  Whereas without a formal Risk Management Program the leader must rely on snap judgments or last minute decisions (because he or she doesn’t have the time to effectively identify and analyze risks, come up with controls and with financing methods, and then administrate the process), a formal Risk Management Program delegates it to a dedicated Risk Manager.

Admittedly, small businesses may not be too interested in this, but as a business grows and desires to continue growing, a formal Risk Management Program becomes more of an advantage, and even perhaps a necessity.