I11 Risk Management Study Text 2024 PDF

Document Details

BestSellingEnglishHorn

Uploaded by BestSellingEnglishHorn

null

2024

The Chartered Insurance Institute

Dr Bill Stein

Tags

risk management insurance business continuity finance

Summary

This is a 2024 study text for the I11 Chartered Insurance Institute qualification focusing on risk management. The study text includes various learning outcomes and chapters that help students prepare for the examination. It contains multiple choice questions.

Full Transcript

Introduction to risk management I11 2024 STUDY TEXT Introduction to risk management I11: 2024 Study text RevisionMate Provided as part of an enrolment, RevisionMate offers online services to support your studies and improve your...

Introduction to risk management I11 2024 STUDY TEXT Introduction to risk management I11: 2024 Study text RevisionMate Provided as part of an enrolment, RevisionMate offers online services to support your studies and improve your chances of exam success. Access to RevisionMate is only available until 31 December 2024. This includes: Printable PDF and ebook of the study text. Student discussion forum – share common queries and learn with your peers. Examination guide – practise your exam technique. To explore the benefits for yourself, you can access RevisionMate via your MyCII page, using your login details: ciigroup.org/login Updates and amendments As part of your enrolment, any changes to the exam or syllabus, and any updates to the content of this course, will be posted online so that you have access to the latest information. You will be notified via email when an update has been published. To view updates: 1. Visit www.cii.co.uk/qualifications 2. Select the appropriate qualification 3. Select your unit from the list provided Under ‘Unit updates’, examination changes and the testing position are shown under ‘Qualifications update’; study text updates are shown under ‘Learning solutions update’. Please ensure your email address is current to receive notifications. 2 I11/October 2023 Introduction to risk management © The Chartered Insurance Institute 2023 All rights reserved. Material included in this publication is copyright and may not be reproduced in whole or in part including photocopying or recording, for any purpose without the written permission of the copyright holder. Such written permission must also be obtained before any part of this publication is stored in a retrieval system of any nature. This publication is supplied for study by the original purchaser only and must not be sold, lent, hired or given to anyone else. Every attempt has been made to ensure the accuracy of this publication. However, no liability can be accepted for any loss incurred in any way whatsoever by any person relying solely on the information contained within it. The publication has been produced solely for the purpose of examination and should not be taken as definitive of the legal position. Specific advice should always be obtained before undertaking any investments. Print edition ISBN: 978 1 80002 833 3 Electronic edition ISBN: 978 1 80002 834 0 This edition published in 2023 Author Dr Bill Stein BA PhD FCII FIRM. Bill has over 40 years’ combined experience as an insurance broker, underwriter and insurance academic. He has published many textbooks and academic papers related to insurance and risk management. During his career he has observed the evolution of theories and techniques of risk management, its adoption as an essential tool of business management and corporate governance, and the continuing strength of its partnership with the insurance industry. Acknowledgements The CII would like to thank Eamonn McDermott CFIRM for his assistance with the first edition of this study text. While every effort has been made to trace the owners of copyright material, we regret that this may not have been possible in every instance and welcome any information that would enable us to do so. Unless otherwise stated, the authors have drawn material attributed to other sources from lectures, conferences, or private communications. Typesetting, page make-up and editorial services CII Learning Solutions. Printed and collated in Great Britain. This paper has been manufactured using raw materials harvested from certified sources or controlled wood sources. ® MIX Paper from responsible sources FSC® C020438 3 Using this study text Welcome to the I11: Introduction to risk management study text which is designed to support the I11 syllabus, a copy of which is included in the next section. Please note that in order to create a logical and effective study path, the contents of this study text do not necessarily mirror the order of the syllabus, which forms the basis of the assessment. To assist you in your learning we have followed the syllabus with a table that indicates where each syllabus learning outcome is covered in the study text. These are also listed on the first page of each chapter. Each chapter also has stated learning objectives to help you further assess your progress in understanding the topics covered. Contained within the study text are a number of features which we hope will enhance your study: Activities: reinforce learning through Key points: act as a memory jogger at practical exercises. the end of each chapter. Be aware: draws attention to important Key terms: introduce the key concepts points or areas that may need further and specialist terms covered in each clarification or consideration. chapter. Case studies: short scenarios that will Refer to: Refer to: extracts from other CII study test your understanding of what you texts, which provide valuable information have read in a real life context. on or background to the topic. The sections referred to are available for you to view and download on RevisionMate. Consider this: stimulating thought Reinforce: encourages you to revisit a around points made in the text for which point previously learned in the course to there is no absolute right or wrong embed understanding. answer. Examples: provide practical illustrations Sources/quotations: cast further light of points made in the text. on the subject from industry sources. In-text questions: to test your recall of On the Web: introduce you to other topics. information sources that help to supplement the text. At the end of every chapter there is also a set of self-test questions that you should use to check your knowledge and understanding of what you have just studied. Compare your answers with those given at the back of the book. By referring back to the learning outcomes after you have completed your study of each chapter and attempting the end of chapter self-test questions, you will be able to assess your progress and identify any areas that you may need to revisit. Not all features appear in every study text. Note Website references correct at the time of publication. 5 Examination syllabus Introduction to risk management Objective To provide knowledge and understanding of the basic elements of risk and the role of insurance within these principles. Summary of learning outcomes Number of questions in the examination 1. Understand the concept of risk. 21 2. Understand how risk can be identified and analysed. 12 3. Understand how risk can be evaluated. 10 4. Understand how risk can be treated. 16 5. Understand how risk is managed in practice. 12 6. Understand business continuity management. 4 Important notes Method of assessment: 75 multiple choice questions (MCQs). 2 hours are allowed for this examination This syllabus will be examined from 1 January 2024 to 31 December 2024. The syllabus is examined on English law and practice unless otherwise stated This PDF document is accessible through screen reader attachments to your web browser and has been designed to be read via the speechify extension available on Chrome. Speechify is an extension that is available from https://speechify.com/. If for accessibility reasons you require this document in an alternative format, please contact us on [email protected] to discuss your needs. Candidates should refer to the CII website for the latest information on changes to law and practice and when they will be examined: 1. Visit www.cii.co.uk/qualifications 2. Select the appropriate qualification 3. Select your unit from the list provided 4. Select qualification update on the right hand side of the page Published October 2023 ©2023 The Chartered Insurance Institute. All rights reserved. I11 6 I11/October 2023 Introduction to risk management 1. Understand the concept of risk. Reading list 1.1 Describe risk and its main components. 1.2 Explain the role of risk in society. The following list provides details of further 1.3 Describe risk perception. reading which may assist you with your studies. 1.4 Describe the effects of risk upon organisations. 1.5 Describe the main types of risk. Note: The examination will test the syllabus alone. 1.6 Describe the main categories of risk faced by an organisation. The reading list is provided for guidance 1.7 Describe the main risks specific to insurance only and is not in itself the subject of the examination. companies. The resources listed here will help you 2. Understand how risk can be identified keep up-to-date with developments and and analysed. provide a wider coverage of syllabus topics. 2.1 Describe risk information. 2.2 Describe the main techniques of risk identification. CII study texts 2.3 Describe the main methods of collecting risk Introduction to risk management. London: information. CII. Study text I11. 2.4 Describe the main factors in risk analysis. Books and eBooks Handbook of insurance. Georges Dionne. 3. Understand how risk can be evaluated. New York: Springer, 2013.* 3.1 Describe how risk can be evaluated. 3.2 Describe the main evaluation factors. Handbook of the economics of risk and 3.3 Describe the use of risk registers. uncertainty. Mark Machina, W. Kip Viscusi. North Hollans, 2014.* 4. Understand how risk can be treated. Introduction to risk management and 4.1 Describe the main ways in which risk can be treated. insurance. 10th ed. Mark S Dorfman, David 4.2 Describe the main types of risk control. A Cather. Upper Saddle River,New Jersey: 4.3 Describe how and why risk may be spread. Pearson Prentice Hall, 2013. 4.4 Describe the use of insurance in risk transfer. Principles of risk management and 4.5 Describe the other main types of risk transfer insurance. 14th ed. George E. Rejda, mechanism. Michael J. McNamara. Pearson Education, 4.6 Describe how and why risk may be retained. 2021. 5. Understand how risk is managed in eBooks practice. The following eBooks are available via 5.1 Describe the main risk management roles and www.cii.co.uk/elibrary (CII/PFS members responsibilities. only): 5.2 Describe the generic risk management process and A short guide to operational risk. David the role of enterprise risk management (ERM). Tattam. Gower, 2011. 5.3 Describe the risk management factors unique to insurance brokers. Enterprise risk management: a common 5.4 Describe the main function of risk management framework for the entire organisation. Philip service providers. E.J. Green. Oxford: Butterworth-Heinemann, 2016. 6. Understand business continuity Enterprise risk management: from incentives management. to controls. James Lam. 2nd ed. Hoboken: 6.1 Describe the role of and standard approach to Wiley, 2013. business continuity management (BCM). 6.2 Describe the main elements of the BCM process. Ethics and risk management. Lina Svedin. Charlotte, NC: Information Age Publishing, 2015. Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Paul Hopkin, Kogan Page, 2014. * Also available as an eBook through eLibrary via www.cii.co.uk/elibrary (CII/PFS members only). Published October 2023 2 of 3 ©2023 The Chartered Insurance Institute. All rights reserved. 7 Fundamentals of enterprise risk management: how top companies assess risk, manage exposure and seize opportunity. John J. Hampton. New York: American Management Association, 2015. Principles of risk analysis: decision making under uncertainty. 2nd ed. Charles E. Yoe. Boca Raton, Florida: CRC Press, 2019. Journals and magazines Financial times. London: Financial Times. Daily. Available online at www.ft.com. Post magazine. London: Incisive Financial Publishing. Monthly. Contents searchable online at www.postonline.co.uk. The Journal. London: CII. Six issues a year. Reference materials Concise encyclopedia of insurance terms. Laurence S. Silver, et al. New York: Routledge, 2010.* Dictionary of insurance. C Bennett. 2nd ed. London: Pearson Education, 2004. Examination guide If you have a current study text enrolment, the current examination guide is included and is accessible via Revisionmate (ciigroup.org/login). Details of how to access Revisionmate are on the first page of your study text. It is recommended that you only study from the most recent version of the examination guide. Exam technique/study skills There are many modestly priced guides available in bookshops. You should choose one which suits your requirements. Published October 2023 3 of 3 ©2023 The Chartered Insurance Institute. All rights reserved. 9 I11 syllabus quick-reference guide Syllabus learning outcome Study text chapter and section 1. Understand the concept of risk. 1.1 Describe risk and its main components. 1A, 1B, 1E, 1F 1.2 Explain the role of risk in society. 2A, 2B, 2C, 2D 1.3 Describe risk perception. 1C, 1E 1.4 Describe the effects of risk upon organisations. 1D, 1E 1.5 Describe the main types of risk. 3A, 3B, 3C 1.6 Describe the main categories of risk faced by an organisation. 3A, 3B, 3C 1.7 Describe the main risks specific to insurance companies. 3D 2. Understand how risk can be identified and analysed. 2.1 Describe risk information. 5A 2.2 Describe the main techniques of risk identification. 5A 2.3 Describe the main methods of collecting risk information. 5A, 5B 2.4 Describe the main factors in risk analysis. 5C 3. Understand how risk can be evaluated. 3.1 Describe how risk can be evaluated. 5D 3.2 Describe the main evaluation factors. 5D 3.3 Describe the use of risk registers. 5B, 5D, 6F 4. Understand how risk can be treated. 4.1 Describe the main ways in which risk can be treated. 5D, 6A, 6B, 6F 4.2 Describe the main types of risk control. 6B, 6C 4.3 Describe how and why risk may be spread. 6C 4.4 Describe the use of insurance in risk transfer. 6C, 6D 4.5 Describe the other main types of risk transfer mechanism. 6C 4.6 Describe how and why risk may be retained. 6D 5. Understand how risk is managed in practice. 5.1 Describe the main risk management roles and responsibilities. 7A, 7B, 7C 5.2 Describe the generic risk management process and the role of 4A, 4B enterprise risk management (ERM). 5.3 Describe the risk management factors unique to insurance 3D brokers. 5.4 Describe the main function of risk management service 7C providers. 6. Understand business continuity management. 6.1 Describe the role of and standard approach to business 6E continuity management (BCM). 6.2 Describe the main elements of the BCM process. 6E, 6F 10 I11/October 2023 Introduction to risk management 11 Exam guidance and accessibility Before you begin the study text, we would encourage you to read about how to approach the exam. Study skills While the text will give you a foundation of facts and viewpoints, your understanding of the issues raised will be richer through adopting a range of study skills. They will also make studying more interesting! We will focus here on the need for active learning in order for you to get the most out of this core text. Active learning is experiential, mindful and engaging Underline or highlight key words and phrases as you read – many of the key words have been highlighted in the text for you, so you can easily spot the sections where key terms arise; boxed text indicates extra or important information that you might want to be aware of. Make notes in the text, attach notes to the pages that you want to go back to – chapter numbers are clearly marked on the margins. Make connections to other CII units – throughout the text you may find ‘refer to’ boxes that tell you the chapters in other books that provide background to, or further information on, the area dealt with in that section of the study text. Take notice of headings and subheadings. Use the clues in the text to engage in some further reading (refer to the syllabus reading list) to increase your knowledge of a particular area and add to your notes – be proactive! Relate what you’re learning to your own work and organisation. Be critical – question what you’re reading and your understanding of it. Five steps to better reading Scan: look at the text quickly – notice the headings (they correlate with the syllabus learning outcomes), pictures, images and key words to get an overall impression. Question: read any questions related to the section you are reading to get a feel for the subjects tackled. Read: in a relaxed way – don’t worry about taking notes first time round, just get a feel for the topics and the style the book is written in. Remember: test your memory by jotting down some notes without looking at the text. Review: read the text again, this time in more depth by taking brief notes and paraphrasing. On the Web Visit here for more detail on study skills: www.open.ac.uk/skillsforstudy. Note: website reference correct at the time of publication. 12 I11/October 2023 Introduction to risk management Exam guidance Answering multiple-choice questions When preparing for the examination, candidates should ensure that they are aware of what typically constitutes each type of product listed in the syllabus and ascertain whether the products with which they come into contact during the normal course of their work deviate from the norm, since questions in the examination test generic product knowledge. Some questions are simply questions of fact, whereas others may be more progressive in nature, requiring reasoning to determine the correct option or, perhaps, being answerable by a process of elimination. Whatever the question, read it carefully to identify what it is really asking. Do not assume that you 'know' what it is asking, even if the question is on a topic about which you feel very confident; answer the question exactly as it is asked. Also, look out for the occasional negative question (Which of the following is not …?). Try to answer all of the questions. While there is no substitute for a good grasp of the subject matter, and you cannot expect to pass the examination purely on guesswork, you do not lose marks for giving a wrong answer! You can find more information on the specific unit in the exam guide (available on the unit page on the CII website and on RevisionMate). On the Web You can find more on preparing for your exam by visiting: https://www.cii.co.uk/learning/ qualifications/assessment-information/before-the-exam/. Note: website reference correct at the time of publication. Accessibility The CII has produced a policy and guidance document on accessibility and reasonable/ special adjustments. The purpose of this is to ensure that you have fair access to CII qualifications and assessments. On the Web The ‘Qualifications accessibility and special circumstances policy and guidance’ document can be found here: https://www.cii.co.uk/media/10129005/cii-qualifications-accessibility- and-special-circumstances-policy-and-guidance.pdf. Note: website reference correct at the time of publication. 13 Introduction Risk has always been part of life. In the past people assumed that unfortunate events happened as a result of fate or because of the intervention of a god. In modern times we tend to assume that any harm caused by human activity should be capable of being mitigated or eliminated by human activity. So society today has become more risk averse and as a result the need to manage risk has grown in importance. To an extent, of course, risk management has always been with us, even though the term is of fairly recent use. Farmers sold their crop while it was still in the field to manage the risk that the crop could fail before harvest; in medieval times soldiers wore heavy armour to manage the risk of being hit by spears, swords and arrows. Risk is not always a bad thing. Good things can come out of taking a risk and modern risk management approaches take account of this. Some people actively seek risk because of the benefits they think it brings them. But others try to avoid it altogether. The terms used to describe someone's feelings about risk are their 'risk appetite' and their 'risk tolerance'. To take an example, an individual may be willing to invest in high-risk shares on the stock market (their risk appetite). They may, though, only be prepared to lose £10,000 (their risk tolerance). Over the course of the last 50 years, risk management has become an established professional discipline. Organisations of all kinds now recognise that their continued success (and even existence) relies on identifying and controlling the risks they face. The risk professional identifies, describes and records the risks faced by their organisation. By putting them into categories and classifying them by type they are then able to analyse and evaluate them in terms of how likely they are to happen and how bad it will be if they do. They can then formulate a strategy to deal with those risks. Some risks will be so severe that the only response is to try to eliminate them altogether. Others will be so small they don't really need a response. Steps will need to be taken to mitigate some risks and others will just have to be accepted, with steps taken to ensure funds are available to meet the cost. Other risks, or at least the cost of the risk occurring, can be transferred to someone else. The traditional way of taking this latter approach is through insurance and this remains a useful and popular response. Governments also need to manage risks and are guided in this by risk experts from many different fields. With lockdowns, face masks, and vaccines, the Covid-19 pandemic brought risk and risk mitigations to the daily attention of the general public. The world of risk never stands still. A United Nations initiative in 2004 to promote sustainability has now evolved to a stage where growing numbers of investors, regulators, businesses, employees and consumers make decisions based on environmental, social and governance (ESG) credentials. Getting ESG decisions right or wrong is now, in the 2020s, a new and significant factor of risk for every business and organisation to manage. In this study text we will introduce risk management by asking: 'What is risk?', 'How do we perceive and measure risk?' and 'How do we describe risk?' before moving on to consider 'What can we do about risk?' We will look at the tools used to identify, classify, value and manage risk and see how risk management has developed as a discipline and how it sits within an organisation's structure and culture. Finally, we will look at who is responsible for risk management and the job roles and skills that have grown up as organisations get to grips with how best to control the risks they face. 15 Contents 1: Components of risk A The meaning of risk 1/2 B Risk and uncertainty 1/5 C Risk perception 1/8 D Risk appetite 1/11 E Risk culture 1/14 F Risk in decision making 1/16 2: Risk and society A Changing influence of risk in society 2/2 B Frequency and severity of disasters 2/5 C Risk and the law 2/9 D Emerging and future risks 2/11 3: Types of risk A Corporate risk 3/3 B Operational risk 3/8 C Other classifications in common use 3/14 D Risk categories applicable to insurance organisations 3/17 4: The risk management process A Evolution of risk management 4/2 B Enterprise risk management 4/8 5: Risk assessment A Identifying risks: finding information and keeping up-to-date 5/2 B Describing and recording risks 5/12 C Analysing risks 5/15 D Evaluating risks: risk appetite and tolerance 5/21 6: Risk treatment A Eliminate the risk 6/3 B Control the risk 6/4 C Transfer the risk 6/12 D Retain the risk 6/15 E Business continuity management (BCM) 6/17 F Monitoring and evaluating risk controls 6/23 16 I11/October 2023 Introduction to risk management 7: Risk management roles and responsibilities A Role of directors and senior executives 7/3 B Evolution of the risk manager and risk team 7/6 C Other roles and responsibilities 7/10 D Would risk management have helped? A case study 7/22 Self-test answers i Legislation ix Index xi Chapter 1 Components of risk 1 Contents Syllabus learning outcomes Introduction A The meaning of risk 1.1 B Risk and uncertainty 1.1 C Risk perception 1.3 D Risk appetite 1.4 E Risk culture 1.1, 1.3, 1.4 F Risk in decision making 1.1 Key points Question answers Self-test questions Learning objectives After studying this chapter, you should be able to: describe the components of risk; describe risk appetite; and describe risk perception. Chapter 1 1/2 I11/October 2023 Introduction to risk management Introduction In this opening chapter we consider some basic components or concepts (thoughts, ideas and beliefs) about ‘risk’ and how people respond to it. This will be an important foundation for you as you progress in subsequent chapters towards an understanding of the complexity of risk and of modern risk management. Key terms This chapter features explanations of the following terms and concepts: Human error Peril and hazard Risk Risk appetite Risk culture Risk perception Risk tolerance Uncertainty A The meaning of risk This first sub-section of the study text plunges us straight into the confusing language of ‘risk’. For such a small word it can mean so many different things. In this section we look at meanings of risk and how insurance has been used as a tool for managing risk. A1 What is risk? The word ‘risk’ is widely used in modern life by individuals, businesses, governments and other organisations. It is usually seen as a bad thing and something to avoid, or at least minimise. Responses to risk are now so developed and sophisticated in many organisations that the activity has become known as ‘risk management’ and is facilitated by professionals known as ‘risk managers’. Managing risk is a practical and exciting activity that saves people, businesses and governments from much harm and misery. As an insurance professional you will contribute to this world of risk management. Activity Before you read on, stop and write a paragraph or two in answer to a question from a client ‘What is the meaning of risk?’ If you found that you could quickly write an explanation that balances some of the conflicting ideas that exist, then ‘well done’! More realistically, you probably had to pause for thought before you could come up with anything approaching the quality of an answer to an examination question – even though the majority of you are in some way professionals in the risk business (insurers, insurance brokers, risk consultants or risk managers in corporate organisations). A1A How we understand and react to risk The concept of risk is complex. Our understanding of it has evolved and deepened over hundreds of years and this process continues. Risk is not a modern invention, but the way people think about risk has certainly changed over time. It has moved from an acceptance that the happening of good or bad things was simply ‘fate’, to the feeling now that all risk can be avoided (or at least reduced) in some way. Risk means different things to different people. Factors like age, personality, gender, wealth, nationality and experience of life, all influence our attitudes to risk at different times in our lives. Chapter 1 Components of risk 1/3 Chapter 1 Some people are attracted to the thrill of dangerous sports like rock climbing – while others shun such activities. The young worry less about the risk of having insufficient savings or pension to live on in old age – but when they reach middle age they may begin to worry. Risk of drought and failed crops will be a constant worry for many farming families in parts of Africa. In low lying parts of the UK the risk may be that of too much rain, causing riverbanks to burst and farmland to be flooded. Time and circumstances influence our attitude to risk. In the introduction to his book Risk, Professor John Adams asserts that everyone is, in a sense, a risk expert, beginning with the trial and error processes by which we first learn to crawl. Everyone a risk expert In our development to maturity we progressively refine our risk-taking skills; we learn how to handle sharp things and hot things, how to ride a bicycle and cross the street, how to communicate our needs and wants, how to read the moods of others, how to stay out of trouble…learning to walk or ride a bicycle cannot be done without accident. In mastering such skills they [children] are not seeking a zero-risk life. They are balancing the expected rewards of their actions against the perceived costs of failure. Source: Risk, Professor John Adams People do not always consciously think about risk in the activities they undertake. They may have no insight into the fact that they have taken risk into account in choosing to follow a particular action or to do it in a particular way. It is useful to focus on the minds and interpretations of individual people when thinking about the meaning of risk. Remember that organisations are made up of people and it is people, often in senior or controlling positions, who make decisions about risk. If we can readily accept that people are complex in the face of risk then it will be no surprise to us that in this study text we need to consider the additional complexity introduced when people function as a group. A1B Principal risks faced by organisations The annual report and accounts of many organisations now includes a section on ‘Principal Risks’. The introduction of this section came from the need to inform potential investors and to comply with regulations or with stock exchange rules. In this study text we consider risks and the responses of individuals and of all types of organisations, not only insurance organisations. It will help you if you are able to think widely about the risks faced by different types of organisation. As a start, have a go at the following activity. Reinforce At this early stage in your study of risk management, the terminology used in Annual Reports such as 'risk culture' and 'risk appetite' may be confusing to you. These topics and others will be covered as you progress through this study text. You may find it helpful to save your downloaded copies of the Annual Reports so you can refer back to these real-world examples of risk management as you go through the study text. Chapter 1 1/4 I11/October 2023 Introduction to risk management Activity Search the internet and download the pdf versions of the full Annual Reports 2021 from Bupa (a healthcare insurance organisation) and Vistry Group (a house builder). We will use these to start our thinking about uncertainties. Browse through each report to familiarise yourself with the organisation, then turn to the section on Principal Risks. Select five risks for each organisation, as though completing the following table. We have given you a helping hand by starting the table. You will quickly see that different perspectives on principal risks emerge, reflecting the different types of business activity. Bupa Vistry Group Risk 1 Operational (including conduct risk Materials and subcontractor labour. and clinical risk) Increasing production across the Risk of loss arising from inadequate or industry may lead to shortages of both failed internal processes, or from materials and subcontract labour. personnel, systems or external events. Pressures on supply chain brought This risk also includes conduct risk (the about by increased marked demand, UK risk that our behaviours, actions or and overseas distribution issues, controls result in detriment or unfair alongside Brexit and labour availability outcomes for our customers), and could materially impact the supply of clinical risk (the risk of injury, loss or materials or subcontractor services. harm to customers in receipt of healthcare). Risk 2 Insurance risk. Climate change and sustainability. Risks relating to our insurance Failure to articulate our pathway to businesses. Risk of inadequate pricing carbon net zero targets and consider and/or underwriting of insurance the impact of climate change in terms of policies, of claims experience being physical and transitional risks. A failure materially adversely different to to keep up with the increasing levels of expectations and that provisions made interest and reporting requirements from for claims prove to be insufficient in light government, investors, customers and of later events and claims experience. civil society to build in more environmentally considerate and sustainable ways could result in penalties and negative attention. Risk 3 Risk 4 Risk 5 A2 Risk and insurance The purpose of this study text is to provide an introduction to the basic elements of risk and its management within an insurance context. As such, we will consider risk in relation to the needs of private and corporate clients, as well as the needs of insurance organisations and the unique aspects of risk they face. The study text is therefore relevant to all risk professionals, whether in insurance, broking or in corporate risk management roles. The term ‘risk management’ is now widely in fashion in private and commercial life and it is an established business discipline. However, its use in insurance predates this fashion. ‘Risk’ has always been a core insurance term and is used in a variety of ways: to describe the type of policy cover; as the name for the physical object being insured; and to refer to the chance of an insured loss occurring. Insurance remains one of the most important tools for personal and corporate risk management. Insurance brokers and their risk consultancy arms contribute hugely to finding insurance and non-insurance solutions to the many risks organisations face. Notice that insurance is not the only option available to risk managers to deal with adverse risk, so insurers must accept that they are in the ‘risk business’ and deliver insurances that are responsive to the needs of modern risk management. Chapter 1 Components of risk 1/5 Chapter 1 We will return to insurance throughout this study text and examine how insurance is used by organisations to transfer risk. We will also look at how insurers manage the particular risks of the insurance business. B Risk and uncertainty In his book Risk, Uncertainty and Profit published in 1921, the American economist Frank Knight made a distinction between risk and uncertainty. It may be paraphrased as: If you don’t know for sure what will happen, but you know the odds, that’s ‘risk’; and if you don’t know the odds that’s ‘uncertainty’. B1 Uncertainty Consider how few things in life are certain to happen. Ageing and death are clearly certain for all, but good health, prosperity, happiness and freedom from harm are far from certain. In fields of study like economics or statistics, experts often make a distinction between ‘risk’ – being where the statistical probability of an event can be calculated – and ‘uncertainty’ – where there are too many variables involved to make this calculation accurately. But in the real or everyday world of non-experts, we tend to use ‘risk’ and ‘uncertainty’ to mean the same thing. Some highly-respected organisations use ‘uncertainty’ as part of their formal definitions of risk. Consider the following quotes: ‘Risk is the effect of uncertainty on objectives. An effect is a deviation from the expected. It can be positive, negative or both, and can address, create or result in opportunities and threats. Objectives can have different aspects and categories, and can be applied at different levels. Risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood.’ Source: International Organization for Standardization (ISO). Standard ISO 31000 Risk Management – Preview. Available at: www.iso.org/iso-31000-risk-management.html ‘Risk is part of everything we do. We all manage risk – often without realising it – every day. We live in an ever-changing world and the pace of change is increasing. This carries with it uncertainty and that uncertainty brings new opportunities and risks. How we manage those has never been more important in helping us meet our objectives, improve service delivery, achieve value for money and reduce unwelcome surprises.’ Source: Foreword to Management of Risk in Government: Framework. Available at: www.gov.uk/government/publications/management-of-risk-in-government-framework ‘Risk affects all organisations. It can have far-reaching consequences in terms of economic performance, environmental and safety outcomes, and professional reputation. Managing risk effectively and risk optimisation, therefore, will help enterprises of all sizes and in all business sectors to perform well in an increasingly uncertain environment.’ (Source: the Association of Chartered Certified Accountants (ACCA). Technical factsheet: effective risk management. Available at: www.accaglobal.com/uk/en/technical-activities/ technical-resources-search/2016/october/tf-effective-risk-management.html It may be that ‘risk’ hints at the possibility of only negative outcomes, whereas ‘uncertainty’ sounds neutral. This could be one reason for preferring one word over the other in certain circumstances and for certain audiences. Chapter 1 1/6 I11/October 2023 Introduction to risk management Be aware Even the experts disagree on the terminology of risk. Do not worry if meanings sometimes appear contradictory; it is part of the process of increasing our knowledge. But this terminology is in daily use in the world of risk and risk management, so it is essential that you become familiar with it. It is also important that you expand your mind as to the elements of risk. When you start to disagree, point out contradictions, and argue your own point of view, then you are well on the way to mastering the topic. B2 Chance The word ‘chance’ is generally associated with gambling or ‘games of chance’ such as roulette or lotteries. Chance is another awkward word to define but which nonetheless crops up in relation to conversations about risk. For that reason we should give it some thought. Chance seems to suggest a loss or event that we cannot predict or prevent; something beyond our human control and in the hands of fate. To that extent we could argue that the word is unsuitable for use in risk management terminology, because we know that human failings or lack of preparation for the worst are behind many of the world’s losses. But if people use a word in the real world, then we must accept that and deal with it. B3 Level of risk Another aspect of risk relates to the different levels of it that exist. We know that there is a greater chance of some things happening than others and this is what we mean by the level of risk. Risk is usually assessed in terms of frequency (how often it will happen) and severity (how serious it will be if it does happen). These are the measurement criteria in the risk management process. Frequency Frequency is best described by looking at an example. Example 1.1 House A is situated at the side of a river. Heavy winter rainfall has twice in the last 50 years caused the river to overflow its banks and to cause flood damage to House A and some neighbouring properties. This situation involves risk. There is some doubt as to the future outcome because it is uncertain whether the river will overflow and, if it does, when. The two recorded incidents of overflowing increases the uncertainty that flood damage may occur in the future. House B is 100 metres away from the riverbank, on a slight hill and has never suffered flood damage. This house will be less at risk from flooding because of both its position and the fact that there is no record of any flood damage. Severity Our judgment as to the level of risk posed may change if we consider the potential amount of loss, damage or destruction (i.e. the severity of the loss). Let’s look again at our example: Example 1.2 Here is some additional information about houses A and B from our last example. House A is valued at £100,000. House B is valued at £300,000. Now we know this information, we might modify our view as to which house represents the higher risk, given the higher potential severity of a loss to House B. Therefore, factors relating to both frequency and severity must be taken into account in our assessment of risk. The relationship between frequency and severity varies from one risk to another. Chapter 1 Components of risk 1/7 Chapter 1 B4 Peril and hazard Let us start with a brief definition for both peril and hazard: Peril can be defined as that which gives rise to a loss, e.g. fire or flood. Hazard can be defined as that which influences the operation or effect of the peril. Example 1.3 Consider a factory insured against fire that has no sprinklers installed. If a fire breaks out – that is the peril. The lack of sprinklers is a hazard in this scenario as it has the potential to make the fire cause more damage than it otherwise would. Here are some other examples of peril: Explosion this is the event insured against, which may give rise to loss. Lightning when it occurs, this natural peril can result in damage. Collision whether between ships, aircraft or vehicles. Dishonesty either employees or external parties stealing from a company for example. Be aware For insurance professionals, the word ‘peril’ is a familiar term because it appears in the wording of some insurance policies and is part of the day-to-day language of the business. Non-insurance professionals are likely to prefer using the word ‘risk’. But when talking about hazard, both words are used in the same way. B4A Physical and moral hazard Hazard can be either physical or moral. Physical hazard relates to the physical characteristics of the risk and includes a measurable dimension of the risk. Examples include the following: Security protection at a shop the greater the security protection, the better the physical hazard. The construction of the higher the standard of building construction the less likely it is that the the property property will suffer damage. These standards can apply to both the materials used and the building process itself. Age of a proposer and type of these are factual, measurable dimensions. car for motor insurance Moral hazard arises from the attitude and behaviour of people. In insurance, this is usually the conduct of the insured. Moral hazard also arises from the conduct of the insured’s employees and that of society as a whole. For example: Carelessness a driver’s lack of care can increase the chance of an accident happening and its severity. Dishonesty a person who has previously made fraudulent or exaggerated claims is a poor moral hazard. Social attitudes a person who regards insurance fraud as acceptable and not immoral. The way in which a business is run is also an example of moral hazard. For example, careless or lax management in a factory represents poor moral hazard. This is clearly something relating to attitude and behaviour, but it may be revealed by unguarded machinery or a lack of control of smoking by employees. It is unsafe to jump to the conclusion that there is an adverse moral aspect to a risk merely because the risk is a heavy one. A fireworks factory represents a very heavy fire risk, but it does not follow that there is a poor moral aspect to the risk. The safety and security within Chapter 1 1/8 I11/October 2023 Introduction to risk management the factory may be world class, and therefore the hazard is low and reduces the apparent size of the risk. Equally, at first glance it looks as if a young driver who is driving a high-performance car certainly represents a poor moral hazard, as the statistics show that a large proportion of car accidents are caused by young drivers. The car itself will be in a high rating group because of its value and performance. However, these two aspects are physical because they are measurable. It is, of course, important to factor into the equation other key information, such as the proposer’s loss history and any serious motoring convictions. Looking again at some of the perils identified above, some of the hazards which can be linked with them are: Explosion this is the event insured against, which may give rise to loss. The hazards that might be linked with this are the storage of dangerous chemicals or not ensuring that there is no smoking in certain areas. Lightning when it occurs, this natural peril can result in damage. Hazards would be the construction of any buildings struck by lightning or the inadequacy of any lightning conductors being used. Collision whether between ships, aircraft or vehicles. The hazards are in relation to speed, behaviour, extent of training. Having a relaxed attitude to the speed limit as a driver is an example of bad moral hazard. Dishonesty instances of employees or external parties stealing from a company. The hazards are things like poor security in place or inadequate operational controls. A lax corporate attitude to security is an example of bad moral hazard. Question 1.1 A factory manufacturing fireworks is inspected by insurers and found to have excellent safety protocols and good training for staff. What are the protocols and training examples of? a. Good moral hazard. □ b. Poor moral hazard. □ c. Good physical hazard. □ d. Poor physical hazard. □ C Risk perception Risk is an intangible thing. Over time, as individuals and as groups in society, we have evolved conscious (reasoned or thought-out) and unconscious (instinctive, emotional or 'gut- feeling') ways of interpreting risk. Human behaviour is heavily influenced by perception and much less so by what science would regard as matters of fact. It is therefore important that risk professionals (which of course includes insurance professionals) have some understanding of the influences on risk perception. They can then allow for the, often outwardly irrational, responses to their attempts to influence the behaviour of clients, customers, policyholders, employees and others in relation to risk. In this section we look at factors that influence our perception of risk. C1 Patterns of behaviour in reaching perceptions of risk Psychologists have observed that people generally follow one of a range of patterns of behaviour in reaching a risk-related perception. This is demonstrated in figure 1.1. Chapter 1 Components of risk 1/9 Chapter 1 Figure 1.1: Behaviours influencing risk perception Voluntariness Other influences Controllability on risk perception Dread and Delay unknown risks Man-made and Media natural risks Expected Familiarity benefits We can expand on what psychologists means by these behaviours as follows. C1A Voluntariness Experts have shown that our perception of risk is reduced if we chose the risk voluntarily and is increased if the risk is imposed on us. People are willing to accept risks they choose themselves (e.g. skiing, diving, rock climbing) that are up to one thousand times greater than risks imposed on them (e.g. food preservatives). They choose these risks because they want the rewards involved. At the same time they are confident of their personal ability to control the risk. They have freedom of choice and are prepared to accept responsibility for their decision. C1B Controllability People are more willing to accept risks they think they can control. Risks that are out of our control are more frightening because we cannot influence their outcome. Most people overestimate their ability to control risk, thinking they are better than average, which of course not everyone can be. A variation of controllability arises when we do not have the skills needed to accept a risk (say flying an aeroplane), in which case our perception is influenced by the degree of trust we have in the person responsible on our behalf. C1C Dread and unknown risks Dread risks are those over which people feel they have little control and which have dreadful consequences, such as nuclear accidents and skyscraper fires. Unknown risks are those of which people have limited knowledge, such as solar flares or nanotechnology. Risks that have a high dread value tend to be overestimated, while risks that are unknown attract little attention and tend to be underestimated. C1D Delay If the effect of a risk is far into the future we may be more willing to accept that risk now. Perhaps we think something will happen in the meantime to reduce or avoid the consequences of the risk. A typical example is a smoker willing to accept the known risks spelt out on the packet for the immediate pleasure of the tobacco. Chapter 1 1/10 I11/October 2023 Introduction to risk management C1E Man-made and natural disasters Man-made and natural risks are perceived differently, the latter being more accepted than the former. This refers back to control. We assume something could be done to reduce the effect of man-made situations. We look to cause and effect and for someone to blame when things go wrong with man-made activities or objects. Natural processes can be accepted as acts of God or fate, against which there is no redress. However, distinctions in this area are becoming blurred, as some natural phenomena like global warming and climate change are being linked to man-made activity, and common natural disasters like floods and earthquakes can be defended against with suitable man- made precautions. C1F Familiarity Our familiarity with risks also affects our perception. We get used to living with certain risks, e.g. those associated with driving, and our perception of the real risk can diminish with time. Uncertainty causes us problems and new risks, whose outcomes are unknown, can cause particular concern. Examples here would be COVID-19, global warming, the consequences of genetic engineering and the side effects of shale gas fracking. C1G Expected benefits Expected benefits also influence our view of risk. Driving is known to be high risk but is accepted because of the overriding benefit of getting quickly from place to place. In this case, a personal risk gives a personal benefit. But will we accept a risk if the benefit goes to someone else? Studies show that we are more prepared to accept risk where we perceive that the benefits are shared fairly, than if we think benefits are shared unfairly. We may accept living with nuclear power stations because we all benefit from the resulting energy distribution, but we may protest about coal mining where we think the risks, e.g. the danger to the miners and locality, are out of proportion to the distribution of rewards. C1H Media influence Perceptions of risk are influenced by the media. Risks not in the media are seen as less important than those that are. Rightly or wrongly we think risks must be important if the media has chosen to cover them. Today the media, including social networks and the internet, are one of the main influences on our knowledge of risk, though there is debate as to how much media reports alter risk perception. We will return to the theme of ‘communication risk’ several times in this study text. Throughout this study text will we make use of case studies and we introduce our first one here. There are learning points about crisis management in this case, but here we use it to demonstrate some issues of risk perception. Consider this… Scrapping the Brent Spar oil storage platform This is a classic case where the media, encouraged by the actions of Greenpeace, played a major part in the perception of risk with the end result that Shell’s reputation suffered badly. Try imagining that you were the Risk Manager at Shell at the time. How would you have handled this? Could you and other colleagues have anticipated this risk and taken steps to prevent it developing to the extent it did? On the Web For the full background story see Shell's own 'Brent Spar Dossier' at www.shell.co.uk/ sustainability/decommissioning/brent-spar-dossier.html. The influence of personal perceptions on human behaviour means that an effort has to be made to introduce as much objectivity as possible into the decision-making process. This can be done by making adequate and accurate risk information available to decision makers. Chapter 1 Components of risk 1/11 Chapter 1 C2 Group influences on risk perception Many (perhaps most) decisions concerning action on risk are made by groups of people such as small or large committees, working groups, team leaders’ meetings, right up to the Board of Directors. Therefore, we need to be aware of the dangers of group decisions. Intuitively, we might think that involving a group of people would lead to a wide range of perspectives being heard and produce a balanced, objective result. However, individual members of a group may depart (consciously or unconsciously) from their expected response and conform to group pressure. This is known as ‘groupthink’. This is more likely to happen in the absence of clear ground rules, such as voting in secret, or requiring a majority or insisting on a unanimous vote. The methodical nature of modern risk management processes, and tools such as the use of a risk matrix, may help to strengthen objectivity in groups. These tools will be covered in more detail later in the study text. C3 Perception and communication When communicating about risk it is important to bear in mind that your intended audience will interpret its meaning according to their own perceptions. Remember the Brent Spar case: the physical risk was understood by Shell but it did not understand the public’s perception. Consequently it was ignored, leading to a huge loss of reputation. Question 1.2 If the effect of a risk is far into the future we may be more willing to accept that risk now. This pattern of behaviour in reaching a risk-related perception is known as: a. Controllability. □ b. Delay. □ c. Familiarity. □ d. Expected benefits. □ e. Voluntariness. □ D Risk appetite Human beings are complex creatures. Some people get pleasure out of risk taking and others prefer to avoid risk if they are able to choose. We can observe a wide variation in the response of individuals to risks: we call this risk appetite. D1 Risk-seeking and risk-avoiding behaviours Individuals and corporations respond to risk in different ways. Here are a few examples: There are individuals who voluntarily take risks or expose themselves to it, e.g. they hang-glide for enjoyment, climb mountains, play dangerous sports, gamble, never insure. On the other hand there are people who will never participate in dangerous sports, rarely gamble and will always choose to insure when available. Similarly, some home or motor insurance policyholders have an appetite for a high level of voluntary excess while others prefer the lowest possible excess or none at all. Certain businesses take far higher risks than others in the ventures they undertake. We have seen examples of this in the past, usually when things go wrong and questions are asked as to why certain risks were ever taken. We see evidence of financial risk in the very existence of the Stock Exchange and the buying and selling of stocks and shares. If there were no risk, and hence no possibility of gain or loss, the need for a marketplace where shares are traded would almost disappear. In the world of banking and insurance we also see different responses to risk: one bank will not lend money to a certain country, while the bank next door may deal extensively with it. Two insurers may also exhibit quite different attitudes to the same risk. Even Chapter 1 1/12 I11/October 2023 Introduction to risk management where the influences of competition, expense levels and investment income are taken into account, there are still cases where one insurer will want to charge a higher level of ‘pure’ premium than another. We cannot assume that the insuring public (or the non-insuring public for that matter) will respond to risk in the same way. We might say that there is a range from risk averse to risk seeking. D2 Organisations and risk appetite The concept of risk appetite has also been considered in similar terms such as attitude, preference, tolerance and capacity. The notion that there is a risk appetite has relevance for insurers in several ways: the technical capacity of available capital to fund insurance risk; the influence on leadership and direction and for controlling incentives. Risk appetite is a concept that has been refined as part of the enterprise-wide risk management approach. As well as complying with regulations on how companies are run, organisations in all sectors are increasingly being asked by key stakeholders, including investors, analysts and the public, to express clearly the extent of their willingness to take risk in order to meet their strategic objectives. We will return to this topic later in the study text. D3 Risk tolerance The concept of risk tolerance is related to that of risk appetite. Taken together they form a useful tool for managing risk in organisations. D3A Applying the concept of risk tolerance to individuals Consider risk tolerance from an individual's point of view. Look again at one of the examples used in Risk-seeking and risk-avoiding behaviours on page 1/11 on risk-seeking behaviour: consider a risk-seeking person whose strong appetite for risk encourages them to reduce the insurance premium on their new £25,000 car in return for limiting cover to Third Party Only. Weighing up this decision, our hypothetical risk seeker might calculate that they could cope financially with unexpected costs of up to £1,000 – perhaps for a damaged wheel, a car park scrape, or even a minor collision reversing into a lamp post. However, major repair costs can be considerable, especially as vehicles increasingly incorporate high-tech equipment. If there is a major collision (where there is no obvious other party to blame and so to bear the costs) and the vehicle is damaged beyond repair, could our risk seeker afford a further £25,000 to purchase a replacement vehicle? In a nutshell, that is where the concept of risk tolerance arises – what is the level beyond which our risk seeker concludes that they are realistically unable to assume risk? D3B Applying the concept of risk tolerance to organisations If we look at risk tolerance in an organisational context, the fundamental thinking is exactly the same, but the language becomes necessarily more complex. A risk-aware organisation will not follow its risk appetite blindly. The types of risky activity engaged in, or the monetary amount of potential losses, will generate a self-imposed tolerance level. This will be based on factors that include cash liquidity, availability of bank borrowing, potential severity of damage to reputation, chance of breaching regulatory requirements and the impact on current customers and other stakeholders, such as employees and investors. So whether for individuals or for organisations, appetite for risk is moderated by the ability to tolerate types of loss or levels of loss. Chapter 1 Components of risk 1/13 Chapter 1 Example 1.4 Setting a limit for risk tolerance An insurance company’s chief underwriter wishes to temporarily accept a higher level of risk for a particular class of insurance because demand is high and the chance of making a large underwriting profit is currently great. For the underwriter, hungry for profitable business, the risks may seem worth taking. The Board of Directors may share the underwriter’s appetite for taking additional risk, but their role obliges them to consider the business as a whole. Examples of broader factors that will influence what can be tolerated are: the capital (money) available to meet liabilities if claims are higher than expected; their other plans (strategy) for the profitable growth of the business; and the limits on risk-taking imposed by government regulation. Although the concepts sound similar, there is a difference between risk appetite and risk tolerance. While risk appetite is about a desire and ability to pursue risk, risk tolerance is about what the Board of Directors have prudently authorised the organisation to accept. D3C Summing up Risk appetite Documents the overall principles that a company follows with respect to risk taking, given its business strategy, financial soundness objectives and capital resources. Often stated in qualitative terms, a risk appetite defines how an organization weighs strategic decisions and communicates its strategy to key stakeholders with respect to risk taking. It is designed to enhance management’s ability to make informed and effective business decisions while keeping risk exposures within acceptable boundaries. Risk tolerance The company’s qualitative and quantitative boundaries around risk taking, consistent with its risk appetite. Qualitative risk tolerances are useful to describe the company’s preference for, or aversion to, particular types of risk, particularly for those risks that are difficult to measure. Quantitative risk tolerances are useful to set numerical limits for the amount of risk that a company is willing to take. Source: National Association of Insurance Commissioners, USA, Own Risk and Solvency (ORSA) Guidance Manual 2017. Available at https://bit.ly/3dJ4KtK. The information in table 1.1, using organisational contexts, may also help to clarify the difference between risk appetite and risk tolerance and how they align. Table 1.1: Contrast between risk appetite and risk tolerance in an organisational context Risk appetite Risk tolerance Oil company Oil company An oil company has a high risk appetite and is The same oil company imposes a limit of two weeks for comfortable with investing millions of pounds in drilling oil rig workers to be on duty on an offshore oil rig operations to search for new oil fields with the risk of because it has been advised that longer periods will possibly finding none. lead to fatigue, loss of concentration and increased chance of accidents. Its desire to protect employees and to avoid harm to reputation restricts its natural risk appetite. This numerical limit of two weeks is a quantitative boundary and an aspect of the company’s risk tolerance. Property investor Property investor An organisation has a high risk appetite related to While we expect a return of 18% on this investment, we strategic objectives and is willing to accept higher are not willing to take more than a 25% chance that the losses in the pursuit of higher returns. investment leads to a loss of more than 50% of our existing capital. (The organisation’s risk tolerance statement.) Chapter 1 1/14 I11/October 2023 Introduction to risk management Table 1.1: Contrast between risk appetite and risk tolerance in an organisational context Risk appetite Risk tolerance Health services organisation Health services organisation Places patient safety amongst its highest priorities. The We strive to treat all emergency room patients within organisation also understands the need to balance the two hours and critically ill patients within 15 minutes. level of immediate response to all patient needs with the However, management accepts that in rare situations cost of providing such service. The organisation has a (5% of the time) patients in need of non-life-threatening low risk appetite related to patient safety, but a higher attention may not receive that attention for up to four appetite related to response to all patient needs. hours. (The organisation’s risk tolerance statement.) Retail company Retail company A retail company has a low risk appetite related to the For the purchasing department, the risk tolerance is set social and economic costs for sourced products from at near zero for procuring products that do not meet the foreign locations that could be accused of being child organisation’s quality and sourcing requirements. sweatshops or having unhealthy working conditions. Manufacturer Manufacturer A manufacturer of engineered wood products operates The company has set a target for production defects of in a highly competitive market. To compete, the one flaw per 1,000 board feet. Production staff may company has adopted a higher risk appetite relating to accept defect rates up to 50% above this target (i.e., 1.5 product defects in accepting the cost savings from flaws per 1,000 board feet) if cost savings from using lower-quality raw materials. lower-cost materials is at least 10%. Source: Adapted from Rittenberg, L. and Martens, F. (2012) Enterprise Risk Management: Understanding and Communicating Risk Appetite. COSO (Committee of Sponsoring Organizations of the Treadway Commission), USA. Question 1.3 ‘A limit on risk taking that an organisation judges it prudent to apply to its operations, even though it might wish to take greater risks’. Which term applies to this position? a. Risk appetite. □ b. Risk tolerance. □ c. Risk preference. □ d. Risk attitude. □ e. Risk capacity. □ E Risk culture Risk culture is a term that is used to describe the appetite, attitude and understanding of risks that is shared by a group of people. E1 Risk culture in organisations Large organisations may have a range of organisational risk cultures. One side of the business may operate in a completely different way from another. The financial crisis of 2008 highlighted a wide difference in risk culture within the problem banks, between the risk- averse retail (high street) division and their risk-seeking investment divisions. Risk culture is displayed in a mixture of formal and informal processes and behaviours. The informal or ‘off the record’ behaviours are harder to observe since they involve many small behaviours and habits, which are unlikely to be prominent in any records or procedural manuals. Risk culture is not a static thing, but a continuous process, which renews itself and develops. Organisations, their Boards and risk managers need to be alert to any gradual deterioration in risk culture. Chapter 1 Components of risk 1/15 Chapter 1 E2 Risk culture in the financial services industry There has been a greatly increased focus on the concept of 'risk culture' following the financial crisis of 2008. It was quickly judged by the media, and by official investigations, that a culture of uncontrolled risk taking existed, with employees concentrating on personal enrichment and losing sight of the interests of clients. Although the financial crisis and the LIBOR scandal lay firmly at the door of Barclays and other banks, the financial services sector as a whole, including insurance, was tarnished by the crisis. Efforts have been made by government regulators and by the financial services firms themselves to fully understand culture, so that it can be measured and controlled. E3 Risk culture in other sectors A weak risk culture is not confined to the banking sector: it can be found in all sectors of industry, commerce, non-profit organisations and government agencies. Activity Check the stories of the two scandal-hit organisations discussed below by looking them up on the internet: The Mid Staffordshire NHS Foundation Trust scandal. BP Deepwater Horizon oil spill. Look at the images and click on a few of the news reports to get a general idea, or to remind yourself, of the events. The Mid Staffordshire NHS Foundation Trust scandal The Public Inquiry into the problems with the quality of healthcare at Mid Staffordshire NHS Foundation Trust found that culture played a significant part in its failures. The inquiry report said that features of its poor risk culture included: lack of recognition of its own failures and weaknesses; lack of self-criticism; rejection of external criticism and reliance on external praise; and above all, a culture where staff feared for their jobs if they told the truth. The BP Deepwater Horizon oil spill The Commission of Inquiry into the BP Deepwater Horizon oil spill also found features of a poor risk culture, including: the absence of any major crisis for several years leading to a culture of complacency; many missed warning signals; a failure to share information; and a general lack of appreciation for the risks involved. In the view of the Commission, these weaknesses highlight ‘the importance of organisational culture and a consistent commitment to safety by industry, from the highest management levels on down’. E4 Recognising a poorly-functioning risk culture Studies of such major organisational risk culture failures have enabled us to become clearer about how to recognise a problem organisation. The indications include: a leadership that sends inconsistent or unclear messages on acceptable levels of risk; risk is perceived to be managed intuitively and not discussed when making decisions; few questions get asked regarding what might go wrong, provided business results are delivered; there is little or no sanction for those taking inappropriate levels of risk; and an audit check reveals that agreed risk management procedures (e.g. completing risk assessments) are routinely ignored. Chapter 1 1/16 I11/October 2023 Introduction to risk management Being able to recognise the problem is a major help for Boards and risk managers in ensuring that a healthy risk culture is created and maintained. E5 Towards a ‘risk mature’ culture There is a view that the preferred risk attitude for an organisation is neither risk averse nor risk seeking; rather it should be ‘risk mature’. This means creating a supportive culture in the organisation: one that recognises and accepts that uncertainty is inevitable and welcomes it as an opportunity to reap the rewards associated with effective risk management. Many risk managers agree that there is such a thing as an overall ‘risk culture’ in any organisation. This is not new — insurance company risk surveyors have long recognised the presence and impact of positives such as: good managers; trained workers; regular maintenance; learning from mistakes and incidents; willingness to take advice; and willingness to spend (invest) money to improve risk. Insurance company surveyors would also note the signs of poor risk management: fire doors propped open; warnings ignored; cost cutting; a ‘hoping for good luck’ attitude to risk; and a readiness to bend the rules. Perhaps it is easier to point to examples of good culture than it is to define it in words or to come up with the perfect recipe for measuring and improving the culture. F Risk in decision making Sometimes we can make decisions (choices) and sometimes they are made for us. We will look in this section at risk in decision making in terms of the different areas of activity in which decisions are made (personal life, business and organisational life, political decisions) and the factors that can lead to human error in decision making. F1 Personal As individuals we are faced with many forms of risk: the choice of a career; where to live; what sports and pastimes to take up; even the choice of a lifetime partner could be said to carry a risk with it. For many, personal responsibility for risk decisions will follow into adult professional life. Doctors and surgeons are often faced with difficult choices in the face of uncertainty: the decision to operate or not; to prescribe one drug as opposed to another; to diagnose accurately in the light of uncertain and possibly incomplete information. In recent years we have seen the impact of risk on the decisions taken by social workers with regard to failing to take into care children known to be at risk of harm from a parent. Decisions that are made in the face of uncertainty involve weighing the potential rewards of an act against its potential adverse consequences. F2 Business and organisational Decision making is at the heart of business and organisational life: a property speculator contemplating a sale or a purchase; a buyer for a chain of retail clothing shops anticipating trends in fashion and choosing which new items to stock. Risk management can be regarded as a decision-making process, linking the understanding of risks faced with the action to do, or not to do, something about them. There are decisions to be taken about how to identify risks, how to measure their significance and how they might be eliminated or at least reduced. The output of this process needs then to inform the decision-making mechanisms of an organisation as it decides whether to exploit or reject the opportunities that come its way. One practical way to do this Chapter 1 Components of risk 1/17 Chapter 1 is to ensure that risk assessments automatically form part of the information considered when any big decisions are being made. F3 Political Political decisions deserve special mention because textbooks on corporate risk management often concentrate solely on business. We might think of political risk decisions as the big ones, like a general committing their troops to battle, or a prime minister or president committing their country to curbing carbon dioxide emissions. But the boundaries between business, national government, local government and the non-profit or charity sector are now rather blurred. There are many forms of public-private partnership and social enterprise. Thus, what we say about risk in decision making for the business sphere, can apply almost equally well in the political sphere. F4 Human error in decision making Human error can affect the decisions of individuals and lead to adverse impacts, either immediately or after lying hidden for a time. High reliability industries such as nuclear power, aviation and healthcare face the most dramatic consequences of errors in decision making, but human error can have an adverse effect in any field of activity. The causes of human error are a complex mix of memory, skills, attention and other factors. Mental shortcuts (or ‘heuristics’) can lead us to make false assumptions without realising what we are doing. Some examples of such short cuts are described in this section. F4A Availability bias We are prone to anxiety about, and to overestimating the probability of, memorable events, and are perhaps made even more so by coverage in the media. Low concern about the probability of a road accident and high concern about the possibility of an aeroplane crash is a widely-used example. We tend to overestimate the air crash risk because air crashes are big events, e.g. the 2014 loss of Malaysia Airlines flight MH370 in the southern Indian Ocean, because they are so widely-reported and more 'available' to us. F4B Anchoring effect This describes the common human tendency to rely too heavily on the first piece of information offered (the ‘anchor’) when making decisions. Our first impression acts as an anchor or reference point to which all subsequent and related information is compared. If the anchor contains incomplete or irrelevant information we can end up making a bad decision. Example 1.5 In a study involving professional estate agents and ordinary members of the public, participants were taken to view several properties. In each case, participants were given a comprehensive booklet about the property, including either a high or low list price chosen at random by the researchers. After viewing the properties, participants were asked to estimate the actual value of the property. When the list price was high, final estimates also tended to be elevated, for both the professionals and the ordinary members of the public. Inclusion of a starter price had acted as an anchor and subtly biased the decision process. F4C Familiarity Refer to Familiarity also discussed in Familiarity on page 1/10 The ‘familiarity’ effect can have important implications for decision making. Doctors are trained to use scientific facts to prescribe treatments, but as patients, we tend to make health decisions that are heavily influenced by familiarity, rather than factual knowledge about diseases. Studies hav

Use Quizgecko on...
Browser
Browser