BBA461: Insurance and Risk

Management
Introduction to risk management
• “Risk management” helps an organization to identify, evaluate,
analyze, monitor, and mitigate the risks that threaten the
achievement of the organization's strategic objectives in a
disciplined and systematic way
Types of Business Risks

• A business risk threatens a company's financial goals. Business

risks can be categorized as internal or external risks and can
include:
• Political changes
• Cybersecurity threats
• Threats to reputation
• Mergers and acquisitions
• Health crises
• Location hazards
TYPES OF RISKS IN BUSINESS
• 1. Compliance risk
• 2. Legal risk
• 3. Strategic risk
• 4. Reputational risk
• 5. Operational risk
• 6. Human risk
• 7. Security risk
• 8. Financial risk
• 9. Competition risk
• 10. Physical risk
Essential Steps of A Risk Management Process
• Step 1: Identifying Risks.
• Step 2: Risk Assessment.
• Step 3: Prioritizing the Risks.
• Step 4: Risk Mitigation.
• Step 5: Monitoring the Results.
TYPES OF RISK MANAGEMENT
• Risk Avoidance – Avoidance of risk means withdrawing from a risk
scenario or deciding not to participate.
• Risk Reduction – The risk reduction technique is applied to keep risk
to an acceptable level and reduce the severity of loss through.
• Risk Transfer – Risk can be reduced or made more acceptable if it is
shared.
• Risk Retention – When risk is agreed, accepted, and accounted for in
budgeting, it is retained.
Sources of Risk
• Operating Profit
• Cash Flow
• Employee-Related Issues
• International Risk
• 1. Decision/Indecision
• 2. Business Cycles/Seasonality
• 3. Economic/Fiscal Changes
• 4. Market Preferences
• 5. Political Compulsions
Sources of Risk
• 6. Regulations
• 7. Competition
• 8. Technology
• 9. Non-availability of Information
Methods of handling Risk
• AVOIDANCE,
• RETENTION,
• TRANSFERRING,
• SHARING, AND
• LOSS REDUCTION
Business Risk Exposures
• Risk exposure is a measure of possible future loss (or losses)
which may result from an activity or occurrence. In business,
risk exposure is often used to rank the probability of different
types of losses and to determine which losses are acceptable or
unacceptable.
• Risk exposure in any business or investment is the
measurement of potential future loss due to a specific event or
business activity and is calculated as the probability of the event
multiplied by the expected loss due to the risk impact. A risk
exposure calculator is used to differentiate the losses that are
acceptable or unacceptable for a business.
Risk exposure
• Risk exposure is a quantification of the vulnerability of an individual,
organization, or asset to adverse events or uncertainty. It can show how
susceptible an entity may be to financial, operational, or reputational losses
as a result of security breaches, market fluctuations, natural disasters,
technological failures, legal liabilities and more. The extent of exposure to
risk depends on numerous factors:
• what the entity does,
• where it is geographically located, what industry it operates in,
• its financial structure, and
• the risk management strategies it has in place.
Types of risk exposure
1. Cybersecurity risk – Threats to digital systems, data breaches, and unauthorized access (more on this below)
2. Operational risk – Risk arising from errors, fraud, system failures, and disruptions to business operations owing
to systems, people, or external events
3. Market risk – Potential losses resulting from fluctuations in interest rates, foreign exchange rates, stock prices,
or other market conditions
4. Political/geopolitical risk – Risk from changes in political landscapes, policies, or international relations
5. Reputational risk – Potential harm from negative public perception about an organization’s brand,
trustworthiness, and success
6. Legal/regulatory risk – Non-compliance with laws, regulations, or industry standards, which can lead to legal
actions or fines
7. Environmental risk – Risk resulting from climate change, natural disasters, and ecological concerns
•
Process to calculate Risk exposure
• Risk exposure management involves assessing the potential impact of various risks on a specific entity,
investment, project, or portfolio. While the exact approach may vary depending on the context, here’s a general
process to calculate risk exposure:
• Identify Risks: Start by identifying and listing all the potential risks that could affect the entity or investment. These
could include financial risks, operational risks, market risks, legal risks, and more.
• Assess Probability: Estimate the likelihood of each identified risk occurring. This could be expressed as a
percentage or a qualitative assessment (low, medium, high).
• Quantify Impact: Determine the potential financial or non-financial impact of each risk if it were to occur. This could
involve estimating monetary losses, delays, reputational damage, or other negative consequences.
• Calculate Expected Loss: Multiply the probability of each risk by its corresponding impact. This gives you the
expected loss for each risk event.
• Aggregate Expected Losses: Sum up the expected losses from all identified risks. This provides an overall
estimate of the potential impact of multiple risks.
• Consider Correlations: If some risks are interrelated, consider their correlations. Some risks might amplify or
mitigate each other’s impact when they occur simultaneously.
• Adjust for Mitigation Measures: If the entity or investment has implemented risk mitigation measures (such as
hedging, diversification, or insurance), adjust the expected losses accordingly.
• Report and Analyze: Present the aggregated expected losses as the risk exposure. Analyze the results to prioritize
risks based on their potential impact and likelihood.
How to calculate risk exposure?

• To calculate risk exposure, organizations conduct a systematic assessment of potential

threats and their impacts, which generally involves the following steps:
• Identify and categorize relevant risks, taking into consideration factors such as market
conditions, operational processes, legal requirements, and technological vulnerabilities
• Assess the likelihood of each risk identified occurring and estimate the potential magnitude
of its impact
• Quantify the likelihood and impact of each risk, calculating a risk exposure score
• Prioritize various risks based on exposure scores, focusing resources on high-exposure
areas
• Mitigate and manage identified risks via risk mitigation strategies such as risk avoidance,
risk transfer, risk reduction or risk acceptance
• Monitor and continuously review the effectiveness of risk management strategies –
adjusting as necessary based on emerging risks or evolving circumstances
Risk identification

• Risk identification is identifying potential business risks and

analyzing them to learn about their effects on the business.
Risks come in many forms for businesses and different
industries may have different risks. For example, a software
development company and a construction company may share
the risk of losing revenue if they don't upgrade their tools for
modern processes.
• Risk identification allows a business's leadership team to learn
more about the risks the company may face and create
solutions to the challenges behind the risk. It also can help
provide a clear picture of a business's risk factors for bank loans
or investor funds.
 Ways to identify risk

• 1. Brainstorming
• 2. Stakeholder interviews
• 3. NGT technique
• 4. Affinity diagram
• 5. Requirements review
• 6. Project plans
• 7. Root cause analysis
• 8. SWOT analysis
Strengths: Areas where the team excels and how they relate to projects.
Weaknesses: Areas where the team can improve to increase productivity and
efficiency.
Opportunities: Areas where the team or business can improve or expand.
Threats: Areas of risk for the project or business and how the team can minimize
those risks.
FINANCIAL EXPOSURE
• In finance, exposure refers to the amount of money invested in
a particular asset. It represents the amount that an investor
could lose on an investment. Financial exposure can be
expressed in monetary terms, or as a percentage of an
investment portfolio.
• Financial exposure refers to the risk inherent in an investment,
indicating the amount of money an investor stands to lose.
• Experienced investors usually seek to optimally limit their
financial exposure which helps maximize profits.
• Asset allocation and portfolio diversification are broadly used
strategies for managing financial exposure.
• The situation of people, infrastructure, housing, production
capacities and other tangible human assets located in
hazard-prone areas. Annotation: Measures of exposure can
include the number of people or types of assets in an area.
Exposures of Human Assets

• The situation of people, infrastructure, housing, production capacities and other tangible human
assets located in hazard-prone areas. Annotation: Measures of exposure can include the number of
people or types of assets in an area.
Legal liability exposures
• Examples of liability exposures are bodily injury or death of
customers, product liability, completed operations (i.e., faulty
work away from the premises), environmental pollution,
personal injury (e.g., false arrest, violation of right of privacy),
sexual harassment, and employment discrimination.
LEGAL LIABILITY EXPOSURE
• Legal liability is the responsibility to remedy a wrong done to another
• Special damages, general damages, and punitive damages are the types of
monetary remedies applied to liability
• Liability exposure arises out of statutory law or common law and cases are heard
in criminal or civil court
• Negligent actions may result in liability for losses suffered as a result
• Liability through negligence is proven through existence of a duty to act (or not
act) in some way, breach of the duty, injury to one owed the duty, and causal
connection between breach of duty and injury
• Defenses against liability include assumption of risk, contributory negligence,
comparative negligence, last clear chance, and immunity
• Modifications to help the plaintiff in a liability case include res ipsa loquitur, strict
liability, vicarious liability, and joint and several liability
Evaluating the Frequency and
Severity of Losses
• To calculate the frequency and severity of a loss, you need to go through a few
steps.
• The first step is to estimate the average loss per occurrence.
• The second step is to estimate the cumulative losses over time.
The frequency-severity method has a few limitations
• The frequency-severity method is an actuarial method for determining the
expected number of claims an insurer will receive during a time period and the
average claim's cost.
• Frequency refers to the number of claims an insurer anticipates will occur over a
given period of time.
• Severity refers to the costs of a claim—a high-severity claim is more expensive
than an average claim, and a low-severity claim is less expensive.
• The frequency-severity method is one option that insurers use to develop models.
• When assessing the risk of a business, insurance companies look at three
factors when it comes to their claims; the cause(s) of loss, the frequency of
similar incidents and the severity of each. Claims are typically categorize
them into these four classifications:
• 1. Low Frequency – Low Severity
2. High Frequency – Low Severity
3. High Frequency – High Severity
4. Low Frequency – High Severity
• With these four classifications in mind, the business owner can decide how
to best handle losses to be viewed as a better insurance risk to the insurance
companies.
Unit 2 : Risk identification and
measurement