Over the past few decades we have seen a steady movement towards a more managerial response to these forms of risk. What has emerged is the discipline of risk management. We could define risk management as "the identification, analysis and economic control of those risks which can threaten the assets or earning capacity of an enterprise."
; p& |& P. ?" T( W1 t& D: s8 x This definition is valuable because it highlights the structured approach which is called for if risks to the business environment are to be managed.! ^* } Q2 z* J/ r1 B! D
The three-fold nature of risk management is highlighted in the definition. Risks must be identified before they can be measured, and only after their impact has been evaluated can we decide on the most effective method of control.4 h1 Z/ u. }9 q8 B
However we decide to control risk, it must be "economic." There is no point in spending ten pounds to control a risk which can only ever cost five pounds. There will always be a point where spending on risk control has stop.
, [3 d" N: A" i+ w" U The definition mentions the assets and earning capacity of an organization. These assets can be physical or human; they are both important and risk management must be seen to have a part to play in both. However, risks do not only strike at assets directly and for this reason the definition also mentions the earning capacity of an enterprise.
5 r: K& V: Y5 A$ R$ @ Note that the definition uses the word "enterprise" rather than a more restrictive word such as "company" or "manufacturer". The principles of risk management are just as applicable in the service sectors as they are in the manufacturing sectors, and are of equal importance in the public and private sectors of the economy.
6 j+ z& l1 j# m) m6 q" Z" Z8 M When considering risk identification we must remember to take the broad view. We are not solely concerned with what can be insured, or even with what can be controlled. We start from the very basic question, "How can the assets or earning capacity of the enterprise be threatened?" Starting from this position does not place any constraint on us as to what kind of risks we are looking for. We must begin the task in an unblinking manner and identify the whole host of ways in which an organization may be impeded from achieving its objectives.; @ ^. P9 {: A8 K) v* M4 P
We could say that there are at least two essentials if risk identification is to be effective.
4 C( f; ?9 T) z* b Firstly, risk identification must be importantly recognized within an enterprise. When this is case, it is often marked down as a task within the job descriptions of a particular manager.& R6 _" B |' b2 j V* ?: W
Secondly, the person responsible for risk identification must be armed with the relevant "tools of the trade" and must make use of them.
! \( E$ [! M/ i2 d6 V# f Once it has been identified that there is a risk, steps have to be taken to measure the potential impact of that risk on the organization. In a practical sense the measurement of risk starts with the gathering of information, followed by tile analysis of past experience, and then moves on to see what the data tells us about the level of frequency and severity of the risk to which an organization is exposed.
. }# {& `2 E4 R, Q# k A We can split the whole area of risk control into physical and financial control.3 c) S" |) k% \
Physical risk control
5 ]" }- P# f4 } We are concerned here with physical steps which can be taken in order to control risk. The first step must be to reduce the level of the risk as far as possible. This means both the chance that something will happen and the severity of the incident, should it occur. There are at least two ways in which we could understand risk reduction.( ? K7 O* H. S* m' D% p
Pre-loss risk reduction
; r) g& \+ [6 {' z It is possible to take steps before any event has occurred to minimize risk. The essence of pre-loss reduction of risk is that the effects of the loss are anticipated and steps are taken to ensure that they are kept to a minimum.1 |3 _/ a* `* E9 _
Wearing a car seatbelt is a good, personal example. There has been no loss, but the possible effect of a loss has been anticipated and the pre-loss risk reduction step of wearing a belt has been taken.
7 P. d: Z4 q, f/ g3 c The use of safety guards on machinery, is an industrial equivalent. There has been no injury, but steps have been taken to reduce the risk of injury.
& p! S* p& ~4 b Post-loss risk control6 ^8 `1 g9 G1 [8 I( f7 }
This form of risk control imagines that the risk has occurred and takes steps to minimize the effect of the loss. The use of automatic fire sprinkler systems fits into this category. Once the fire has started, the sprinklers operate to reduce the impact of the fire. |