Risk Management and Auditing Overview

Questions and Answers

What does retrocession refer to in the context of insurance?

• The process of a primary insurer transferring part of its risk to a secondary insurer (correct)
• The portion of risk that an insurance company opts to retain
• The method of calculating the cost associated with high-probability events
• An agreement where a secondary insurer covers all losses of a primary insurer

Which category of accident causes is NOT part of the Human Factors Theory by David Yates?

• Overload
• Inappropriate worker response
• Inappropriate activities
• Technical failure (correct)

What is the primary responsibility of a front-line supervisor in the context of vicarious liability?

• To conduct incident investigations following an injury (correct)
• To manage the risk analysis procedures
• To negotiate insurance claims on behalf of employees
• To implement safety training for all workers

In Fault Tree Analysis (FTA), what does the top-level event represent?

The main hazard being evaluated in the analysis (B)

Which of the following statements about risk and hazard is accurate?

Risk refers to the probability of occurrence of an injury or loss. (D)

What does a combined ratio of less than 100 indicate for an insurer?

The insurer is making a profit from underwriting insurance. (A)

Which COPE element refers to how a property is used?

Occupancy (A)

What is included in the analysis of morale hazard?

Property owner's attentiveness to risk (B)

What is the primary purpose of supplemental information for underwriters?

To help assess the quality of a property account (A)

In terms of fire protection, what is a characteristic of public fire protection?

It is available through governmental authority for all properties within a defined area. (A)

What does a retention ratio indicate about an insurer?

It shows the percentage of expiring policies the insurer renews. (B)

Which of the following best defines 'Loss Run' in an insurance context?

A report detailing an insured's history of losses over a set period. (D)

Which of the following techniques is NOT part of the 5-S housekeeping method?

Systemize (A)

What does a combined ratio of over 100 indicate in underwriting?

Underwriting loss (C)

In risk management, which financial consideration involves analyzing various types of insurance?

Forecasted losses (A)

What is the primary concern regarding underwriting elements?

Loss severity (C)

Which of the following best describes facultative reinsurance?

Reinsurance of individual loss exposures chosen by the primary insurer (C)

What does the retention ratio indicate in underwriting?

Percentage of expiring policies that are renewed (B)

Which assessment uses numerical estimates based on historical occurrences to evaluate risk?

Quantitative assessment (A)

Which of the following is NOT a step in the EPA Human Health Risk Assessment process?

Cost analysis (D)

What is Single Loss Expectancy (SLE) calculated by?

Multiplying Exposure Factor by Asset Value (B)

What is the primary concern for underwriters in umbrella and excess liability underwriting?

Loss severity (D)

Which type of reinsurance allows the primary insurer to selectively submit loss exposures?

Facultative reinsurance (C)

What do underwriting guidelines primarily communicate?

The underwriting policy of the insurer (C)

What is a hazard in the context of risk management?

A condition affecting the severity of a loss (A)

What technology does telematics utilize to help assess risks?

Wireless communication and GPS tracking (B)

Which statement correctly describes catastrophe insurance?

It's designed for low-probability, high-cost events. (A)

What does predictive modeling blend to forecast future outcomes?

Historical data with various variables (A)

Which of the following is correct about retrocession?

It involves transferring risk to a secondary insurer. (C)

What are the three broad categories of accident causes in the Human Factors Theory?

Overload, inappropriate worker response, inappropriate activities (B)

What is the primary focus of loss analysis for underwriters?

Identification of loss exposures (A)

What element is essential for underwriters to analyze in addition to the insured's operations?

Catastrophe loss exposures (B)

Which of the following is NOT a part of the Hierarchy of Controls?

Quality control (A)

What is the primary function of facultative reinsurance?

Allows primary insurers to choose which losses to submit (C)

Which tool uses technology to transmit data via wireless communication for predictive assessment?

Telematics (C)

In risk management, what constitutes a hazard?

A condition increasing loss frequency or severity (A)

Which of the following best describes predictive modeling?

Blending historical data with multiple variables for future outcomes (C)

What is essential for conducting a thorough incident investigation?

Responsibility of the front-line supervisor (B)

What role does loss severity play in underwriting?

It is the primary consideration in excess liability underwriting (A)

Which of the following statements about underwriting guidelines is true?

They define the characteristics of insured accounts. (B)

Flashcards

COPE elements

Elements like construction, occupancy, protection, and external exposures. These factors are analyzed by underwriters to assess the risk associated with commercial properties.

Loss Run

A report that lists all the claims an insured has made over a specific duration.

Morale hazard

A situation of indifference or carelessness that increases the likelihood or severity of a loss.

Fire Division

A section within a building designed to isolate fire. It prevents fire from spreading to adjacent areas.

Rating Plan

A set of guidelines that outline the criteria for exposure base, exposure unit, and the rate per exposure unit to determine premiums for a specific insurance line.

Retention ratio

The percentage of expiring policies that an insurer renews.

Combined ratio

A ratio that measures the profitability of an insurer's underwriting operations. Less than 100 indicates profit, while more than 100 suggests a loss.

Catastrophe insurance

Insurance that covers losses due to low-probability, high-cost events, like natural disasters.

Reinsurance

An agreement where a primary insurer transfers some of its risk to a secondary insurer, who agrees to cover a portion or all of the primary insurer's losses.

Retrocession

The part of the risk that an insurance company chooses to keep and not transfer to another insurer.

Human Factors Theory

A theory that classifies accident causes into three main categories: overload, inappropriate worker response, and inappropriate activities.

Vicarious Liability

A principle that assigns legal responsibility for an injury to a person who wasn't directly involved but has a specific legal relationship to the person who caused the harm.

Reinsurer

An insurer that takes on risk from another insurer through a contractual agreement, typically for a premium.

Facultative reinsurance

A type of reinsurance where the primary insurer chooses which loss exposures to submit to the reinsurer, who can accept or reject any submitted losses.

Loss severity

The primary underwriting concern in umbrella and excess liability underwriting, where the focus is on the severity of potential losses rather than their frequency.

Underwriting guidelines

Written manuals that outline an insurer's underwriting policy and specify the attributes of an account that an insurer is willing to insure.

Hazard

A condition that increases the frequency or severity of a loss.

Predictive modeling

A process that uses historical data to predict future outcomes based on various variables.

5S

A housekeeping technique with steps including sorting, straightening, scrubbing, systematizing and standardizing to maintain a clean and organized workspace.

Underwriting

A technique used by insurance companies to analyze risk and make decisions about who to insure, what premiums to charge, and what coverage to offer.

Risk Control

A type of risk management where the goal is to prevent or reduce the chance of a loss occurring in the first place.

Risk Financing

A type of risk management where the focus is on managing the financial impact of losses that do occur.

Quantitative Risk Assessment

A process of evaluating potential risks by using numerical values to estimate the likelihood of occurrence and the potential impact of an event.

Qualitative Risk Assessment

A type of risk assessment that uses non-numerical descriptions or categories to understand risk.

Premium Audit

A methodical examination of a policyholder's operations to determine the actual exposure units and premium for coverage. It ensures fair pricing based on actual risk.

Hierarchy of Controls

A set of steps designed to prevent or minimize risks. It prioritizes the most effective controls, starting with the most significant risk mitigation.

Telematics

Involves using technology to collect and transmit data via wireless communication and GPS tracking. This helps insurance companies understand driving behavior and risks.

Catastrophe Models

These are computer programs that estimate potential losses from future catastrophic events. They help insurers understand the financial impact of disasters.

Study Notes

Risk-Based Auditing

• Risk-based auditing prioritizes allocating internal audit resources to areas posing the greatest risk to the organization.
• It focuses on auditing objectives, materiality of risk, and identifying threats to business goals.

Risk Management and Organizational Alignment

• Risk management involves providing insurance and risk solutions to control or contain losses, and satisfy customers.
• Common goals include balancing risk and reward, supporting decision-making, and achieving objectives like tolerable uncertainty, compliance, and social responsibility.

Underwriting

• Underwriting helps insurers build a profitable book of business by minimizing adverse selection, ensuring adequate policyholder surplus, and enforcing underwriting guidelines.
• Underwriters select insureds, classify accounts, price, and recommend coverage while managing a book of business, and supporting producers and insureds.

Staff Underwriters

• Staff underwriters research the market, formulate underwriting policies, revise guidelines, evaluate loss experience, develop coverages, review rates, and manage complex accounts.

Underwriting Policy

• Underwriting policy guides individual and aggregate policy selection to align with the insurer's mission statement.

Essential Knowledge for Underwriters

• Successful underwriters possess expertise in insurance principles, practices, loss exposures, pricing, insurance rates, loss analysis, and internal/external information sources.

Rating

• Ratings assess the profitability of underwriting insurance policies based on a combined ratio.
• A combined ratio below 100 indicates profit; above 100, loss.

Rating (Page 2)

• Rating plans apply a rate and plan to an exposure to calculate policy premiums.

Moral Hazard (Page 2)

• Moral hazard increases the likelihood of intentional losses or exaggeration.

Property Application (Page 2)

• Underwriters examine loss history, COPE elements, and property values for property applications.

Supplemental Information (Page 2)

• Supplemental information such as risk management programs, financial statements, risk control reports, and property valuation helps underwriters assess accounts.

COPE and Loss Run (Page 2)

• COPE elements include construction, occupancy, protection, and external exposures. Underwriters analyze these factors.
• A loss run details an insured's claim history over a specified period.

Morale Hazard (Page 2)

• Morale hazard is carelessness or indifference increasing loss frequency or severity.

Fire Protection and Division (Page 2)

• Underwriters analyze loss exposures from neighboring properties and surrounding areas.
• Fire divisions are sections with good protection that don't easily spread fire to other parts.

Public and Private Fire Protection (Page 2)

• Public fire protection is provided by governmental authority.
• Private fire protection is implemented by property owners to protect assets.

Residential and Occupational Loss Exposures (Page 3)

• Underwriters assess residential risks considering guest hazards.
• Personal applications evaluate occupation to determine loss risk.

Rating Plan (Page 3)

• Rating plans detail criteria for exposure base, exposure units, and rates per unit to calculate premiums.

Combined Ratio (Page 3)

• A combined ratio below 100 indicates an insurer's underwriting profit.
• A ratio over 100 indicates an underwriting loss.

Nonfinancial Measures (Page 3)

• Nonfinancial measures are used to evaluate underwriting results: selection criteria, pricing, product mix, retention rates, hit ratios, customer service, and premium volume.

Retention Ratio (Page 3)

• The retention ratio measures the percentage of policies renewed by an insurer.
• Renewing policies is generally more profitable than acquiring new business.

Hit Ratio (Page 3)

• Underwriter success is measured by comparing policies written to applications quoted.

Physical Controls (Page 3)

• Physical controls limit access to protect information or facilities (locks, fences).

Technical Controls (Page 4)

• Technical controls (logical controls) operate within the computing environment (operating systems, firewalls).

Directive Control (Page 4)

• Directive controls specify employee behavior through policies and guidelines (Acceptable use policy).

Deterrent Control (Page 4)

• Deterrent controls discourage security policy violations (CCTV monitoring).

Preventative Control (Page 4)

• Preventative controls stop security incidents (background checks).

Compensating Control (Page 4)

• Compensating controls mitigate risk where the system cannot provide full protection. (agreed exceptional processes).

Detective Control (Page 4)

• Detective controls identify attempted security violations.

Corrective Control (Page 4)

• Corrective controls respond to security breaches (removing unauthorized personnel).

Hazard (Page 4)

• A hazard is a condition with potential harm.

Risk (Page 4)

• Risk is the chance of injury, loss, or hazard.

Incident (Page 4)

• An incident is a work-related injury, illness, or fatality.

Risk Response Strategies (Page 5)

• Four risk response strategies include avoidance, transfer, retention, and reduction.

Risk Assessment (Page 5)

• Risk assessment is the overall process of risk identification, analysis, and evaluation.

ALARA/ALARP (Page 5)

• ALARA (As Low As Reasonably Achievable)
• ALARP (As Low As Reasonably Practical)

Loss Control Measures (Page 5)

• Loss control measures minimize losses through internal training and compliance. Ex: Hazcom training, and machine guards.

Domino Theory (Page 5)

• Accidents are caused by a series of events. Removing an event could prevent the accident.

Petersen's Accident/Incident Theory (Page 5)

• Accident causes usually stem from human error or system failures.

Risk Analysis vs. Risk Management (Page 5)

• Risk analysis estimates risk.
• Risk management determines if risk is acceptable and implements methods to reduce it to an acceptable level.

Hazard Analysis Categories (Page 5)

• Hazard analysis typically involves three categories.

Primary Methods for Reducing Accidents (Page 6)

• Reducing accidents involve two main approaches: prevention and cost reduction.

Objectives of Risk Management (Page 6)

• Business objectives include reducing anxiety, meeting corporate responsibility, and continued growth after losses.

Poka-Yoke (Page 6)

• Poka-yoke is a lean manufacturing technique to prevent or detect errors.

Kaizen (Page 6)

• Kaizen is a Japanese term for continuous improvement related to consistent quality improvement.

5-S (Page 6)

• 5-S is an effective housekeeping technique, with steps to sort, straighten, scrub, systematize, and standardize.

Risk Management Techniques (Page 6)

• Risk control involves preventing or reducing losses (e.g. risk avoiding, modify risk).
• Risk finance involves purchasing insurance to cover losses. Risk management is the process of analyzing feasibility of risk treatment techniques.

Financial Considerations (Page 7)

• Financial considerations include forecasted losses, insurance types and deductibles.

Non-Financial Considerations(Page 7)

• Non-financial considerations include business operations, customer safety, and reputation.

Implementing Risk Management Techniques(Page 7)

• Risk financing techniques are carried out by risk management professionals.
• Risk control techniques are carried out by operations managers, through communication and training.

Insurance Rating Plans(Page 7)

• A rating plan specifies criteria for exposure base, exposure unit, and per-unit rates to determine premiums.

Combined Ratio(Page 7)

• Combined ratio below 100 indicates profit. Ratio over 100 signals underwriting loss.

Non-Financial Measures (Page 7)

• Non-financial measures monitor underwriting results such as, policy selection, pricing, product mix, retention rates, hit ratios, and customer service.

Retention Ratio (Page 7)

• The retention ratio measures the percentage of expiring policies an insurer renews.

Reinsurance (Page 7)

• Reinsurance transfers risk to another insurer through contracts (facultative).

Underwriting Guidelines (Page 7)

• Underwriting guidelines communicate insurer policy, specifying acceptable account attributes for insurance.

Qualitative and Quantitative Risk Assessments (Page 7)

• Qualitative assessment uses categorical risk values, while quantitative uses numerical estimates based on historical incidents and likelihood of reoccurance.

Methods (Qualitative & Quantitative Risk Assessment)(Page 7)

• Assessments include Delphi Method, facilitated Risk Analysis Process (FRAP), and Operational Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE).

Risk Assessment Formulas (Page 8)

• ARO (Annual Rate of Occurrence) estimates event frequency.
• EF (Exposure Factor) estimates potential asset loss percentage.
• SLE (Single Loss Expectancy) calculates potential loss impact.

EPA Human Health Risk Assessment (Page 8)

• EPA assesses hazard identification, dose-response assessment, exposure assessment, and risk characterization.

Underwriting Elements (Page 8)

• Underwriters may require higher liability limits and deductibles for certain exposures.
• The underlying insurer's coverage limits affect underwriting.

Loss Analysis (Page 8)

• Underwriters analyze insured operations to identify loss exposures and determine if the loss experience is appropriate for the business.
• Underwriters pay more attention to loss severity and catastrophe loss exposure.

Reinsurance (Page 8)

• Reinsurance transfers risk from an insurer to other insurers through a contract.

Facultative Reinsurance (Page 8)

• Facultative reinsurance allows primary insurers to choose which losses to submit to reinsurers.

Underwriting Guidelines (Page 8)

• Underwriting guidelines determine acceptable account attributes for insurance.

Hazard (Page 8)

• A hazard is a condition that increases loss frequency or severity.

Premium Audits (Page 9)

• Premium audits meticulously examine policyholder records and books to accurately determine the exposure unit and premium.

Telematics (Page 9)

• Telematics uses technology to transmit data wirelessly using GPS.

Predictive Modeling (Page 9)

• Predictive modeling blends historical data with multiple variables to estimate future outcomes.
• Catastrophe models predict losses from catastrophic events.

Insurance Types (Page 9)

• Catastrophe insurance covers low-probability, high-cost events.
• Reinsurance involves a primary insurer transferring risk to a secondary insurer, who covers all or part of the primary insurer's losses.
• Retrocession transfers part of the risk or the amount of insurance.

Human Factors Theory (Page 9)

• David Yates categorized accident causes into: overload, worker response, and activities.

Vicarious Liability (Page 11)

• Vicarious liability assigns responsibility to parties indirectly involved in accidents.

Incident Investigation (Page 11)

• Front-line supervisors are responsible for incident investigations.

Hazard Analysis (Page 11)

• Hazard analysis identifies and mitigates hazards during activities.

Inductive/Deductive Reasoning (Page 11)

• Inductive reasoning is specific-to-general (e.g. FMEA, FHA, FTA).
• Deductive reasoning is general-to-specific (e.g. FTA).

Fault Tree Analysis (FTA)(Page 11)

• Fault Tree Analysis (FTA) is a deductive technique that identifies contributing factors to an undesirable outcome through logical branching.

Incident and Risk Response Strategies (Page 11)

• Incidents are work-related injuries or fatalities.
• Risk response involves avoiding, transferring, retaining, or reducing risks.

Risk Assessment and Evaluation (Page 11)

• Risk assessment is the overall process of risk identification, analysis, and risk evaluation.

Loss Control Measures (Page 12)

• Examples include Hazcom training, machine guards, and confined space programs.

Domino Theory (Page 12)

• Accidents are caused by a chain of events.

SWOT Analysis (Page 12)

• SWOT analysis evaluates business strengths, weaknesses, opportunities, and threats.

Job Safety Analysis (JSA)(Page 12)

• Job Safety Analysis (JSA) assesses inherent risks in work processes.

Safety Benchmarking (Page 12)

• Safety benchmarking measures a company's safety program against best practices.

Risk Management Program (Page 12)

• Risk management programs are often revisited to accommodate new exposures or developments.

Risk Identification (Page 12)

• Tools and methods to identify risks include loss histories, checklists, audits, computer software, and team approaches.

Risk Treatment Techniques (Page 12)

• Primary techniques include avoiding the risk, modifying the risk.

Risk Financing Techniques (Page 13)

• Risk financing techniques for handling losses may include retention, where funds are generated to cover losses and transfer, where financial responsibility is shifted to another through a contract.

Selecting Risk Management Techniques (Page 13)

• The best techniques to use will be those that reinforce success rather than hinder it.

How Organizations Select Risk Management Treatments (Page 13)

• Organizations assess risks by frequency and severity to make decisions about management.

Personal & Advertising Injury Liability (Page 13)

• Includes incidents like false arrest, slander, libel and copyright infringement, commonly addressed in commercial loss scenarios.

Medical Payments Loss Exposures (Page 13)

• Medical payments cover necessary medical costs for injuries on or caused by the business.

Real Property (Page 13)

• Real property includes land and permanent structures upon it, plus things growing on the land (crops).

Ethical Principles (Page 14)

• Ethical principles for risk management include fair presentation, confidentiality, and due professional care.

Pure Risk (Page 14)

• Pure risk only results in a loss.

Whole-Person Theory and Indemnity (Page 14, 15)

• Whole-person theory assesses an injured person's overall well-being, while indemnity assesses losses from wages.

Risk Management (Page 14)

• Risk management deals with uncertainty and loss.

Types of Risk (Page 14)

• Pure risk: only potential loss.
• Speculative risk: potential loss or gain.

Enterprise Risk Management (ERM) (Page 15)

• ERM coordinates risk management strategies from different sources emphasizing relationships between risks from different sources.

Risk Assessment Methods (Page 15)

• Qualitative assessment uses non-numeric categories.
• Quantitative assessment uses historical data.
• The Delphi Method involves gathering data from experts.
• FMEA (Failure Mode and Effects Analysis) is a method to identify vulnerabilities.

Risk Assessment Steps (Page 15)

• Identify risk.
• Analyze impact of risk.
• Record findings.
• Review results periodically.

Risk Management Guidelines (Page 15)

• Establish a risk management program encompassing analysis, prioritization, response, and monitoring.
• Integrate risk management into the governance, risk, and compliance structure.
• Identify organization's assets susceptible to risk.
• Value assets using various methods.
• Identify vulnerabilities and potential threats.
• Assess risk (qualitative/quantitative). Prioritize risks.
• Respond accordingly (avoid, mitigate, transfer, accept risks).

Risk Management Techniques (Page 15)

• Techniques include avoiding the risk, modifying, transferring, or accepting.

Risk Financing (Page 16)

• Risk financing involves insurance, with suggestions for limits, and other options by risk specialists.

Transfer of Risk (Page 16)

• Risk transfer shifts financial responsibility to another entity through contracts.

Personal Umbrella Policies (Page 16)

• Supplement existing policies, offering higher liability limits and coverage not addressed in basic policies.

Underwriting (Page 16)

• Underwriters verify that a personal umbrella policy meets the required underlying coverage.

Physical/Technical Controls (Page 16)

• Physical controls (locks, fences) limit physical access, while technical controls (firewalls, software, operating systems), manage computing environments.

Consequences in Modern Management Theory (Page 17)

• Consequences are positive, negative, immediate, future, certain, or uncertain and powerfully motivators.

Risk Definition/Analysis (Page 17)

• Risk is a combination of probability and severity.
• Residual Risk is left after risk treatment.

Analysis Techniques (Page 17)

• Pareto analysis, FMEA (Failure Modes & Effects Analysis), FTA (Fault Tree Analysis), and FHA (Fault Hazard Analysis).
• Common Cause Failure Analysis determines if multiple failures stem from a single event.