ENTERPRISE RISK MANAGEMENT PDF

ENTERPRISE RISK MANAGEMENT BSBA-HRM 3-1 (Monday, 6:00 PM – 9:00 PM) Basic Concepts in Risk Management and Insurance 1st Presenter (Group 3) Leader: Quintela, Joan Members: Bugna, Mary Jo-ann Langcauon, Monina Zyra Poseo, Ma. Christel Ybanez, Ricadelle MARCH 11, 2024 WRITTEN REPORT I. RISK AND ITS TREATMENT (presented by Ybañez, Ricadelle) There is no single definition of risk. Economists, behavioral scientists, risk theorists, statisticians, actuaries, and historians each have their own concept of risk. Traditional Definition of Risk Risk traditionally has been defined in terms of uncertainty. Based on this concept, risk is defined as uncertainty concerning the occurrence of a loss. In which “uncertain” is defined as “not able to be relied on; not known or definite:” or “not known beyond doubt” according to Merriam Webster. EXAMPLE: the risk of being killed in an auto accident is present because uncertainty is present. The risk of lung cancer for smokers is present because uncertainty is present. The risk of flunking a required college course is present because uncertainty is present. Risk Distinguished from Uncertainty In economics and finance literature, authors and actuaries often make a distinction between risk and uncertainty. Actuary is a person who compiles and analyzes statistics and uses them to calculate insurance risks and premiums (Oxford Languages). According to the American Academy of Actuaries, the term risk is used in situations where the probabilities of possible outcomes are known or can be estimated with some degree of accuracy, whereas uncertainty is used in situations where such probabilities cannot be estimated. EXAMPLE: the probability of dying at each attained age can be estimated with considerable accuracy. In contrast, the probability of destruction of your home by a meteorite from outer space is only a guess and generally cannot be accurately estimated. As such, many authors have developed their own concept of risk, and numerous definitions of risk exist in professional literature. Loss Exposure Loss exposure is any situation or circumstance in which a loss is possible, regardless of whether a loss actually occurs. EXAMPLES of loss exposures include: -manufacturing plants that may be damaged by an earthquake or flood, -defective products that may result in lawsuits against the manufacturer, -possible theft of company property because of inadequate security, -and potential injury to employees because of unsafe working conditions. Objective Risk Objective risk (also called degree of risk) is defined as the relative variation of actual loss from expected loss. It declines as the number of exposures increases. More specifically, objective risk varies inversely with the square root of the number of cases under observation. Objective risk can be statistically calculated by some measure of dispersion, such as the standard deviation or the coefficient of variation. Because objective risk can be measured, it is an extremely useful concept for an insurer or a corporate risk manager. As the number of exposures increases, an insurer can predict its future loss experience more accurately because it can rely on the law of large numbers. The law of large numbers of states that as the number of exposure units increases, the more closely the actual loss experience will approach the expected loss experience. Subjective Risk (Perceived Risk) Subjective risk (perceived risk) is defined as uncertainty based on a person’s mental condition or state of mind. Another name for subjective risk is perceived risk; some authors use the term in their discussion of the perception of risk by individuals. The impact of subjective risk varies depending on the individual. Two people in the same situation can have a different perception of risk, and their behavior may be altered accordingly. If an individual experiences great mental uncertainty concerning the occurrence of a loss, that person’s behavior may be affected. High subjective risk often results in conservative and prudent behavior, whereas low subjective risk may result in less conservative behavior. CHANCE OF LOSS Chance of loss is closely related to the concept of risk. The chance of loss is defined as the probability that an event will occur. Like risk, probability has both objective and subjective aspects. Objective Probability Objective probability refers to the long-run relative frequency of an event based on the assumptions of an infinite number of observations and of no change in the underlying conditions. Objective probabilities can be determined in two ways. 1. First, they can be determined by deductive reasoning. These probabilities are called priori probabilities. 2. Second, objective probabilities can be determined by inductive reasoning rather than by deduction. Inductive reasoning moves from specific observations to broad generalizations, and deductive reasoning the other way around. (Scribbr, 2022) Subjective Probability Subjective probability is the individual’s personal estimate of the chance of loss. Subjective probability need not coincide with objective probability. PERIL AND HAZARD Peril - Peril is defined as the cause of loss. EXAMPLE: If your house burns because of a fire, the peril, or cause of loss, is the fire. If your car is damaged in a collision with another car, collision is the peril, or cause of loss. Common perils that cause loss to property include fire, lightning, windstorm, hail, tornado, earthquake, flood, burglary, and theft. Hazard - A hazard is a condition that creates or increases the frequency or severity of loss. Essentially, a hazard makes a peril more likely to occur or makes it worse. There are four major types of hazards: 1. Physical hazard - A physical hazard is a physical condition that increases the frequency or severity of loss. Examples of physical hazards include icy roads that increase the chance of an auto accident, defective wiring in a building that increases the chance of fire, and a defective lock on a door that increases the chance of theft. 2. Moral hazard - Moral hazard is dishonesty or character defects in an individual that increase the frequency or severity of loss. Examples of moral hazard in insurance include faking an accident to collect benefits from an insurer, submitting a fraudulent claim, inflating the amount of a claim, and intentionally burning unsold merchandise that is insured. Murdering the insured to collect the life insurance proceeds is another important example of moral hazard. 3. Attitudinal hazard (morale hazard) - Attitudinal hazard is carelessness or indifference to a loss, which increases the frequency or severity of a loss. Examples of attitudinal hazard include leaving car keys in an unlocked car, which increases the chance of theft; leaving a door unlocked, which allows a burglar to enter; and changing lanes suddenly on a congested expressway without signaling, which increases the chance of an accident. Careless acts like these increase the frequency and severity of loss. The term morale hazard has the same meaning as attitudinal hazard. Morale hazard is a term that appeared in earlier editions of this text to describe someone who is careless or indifferent to a loss. However, the term attitudinal hazard is more widely used today and is less confusing to students and more descriptive of the concept being discussed. 4. Legal hazard - Legal hazard refers to characteristics of the legal system or regulatory environment that increase the frequency or severity of losses. Examples include adverse jury verdicts or large damage awards in liability lawsuits; statutes that require insurers to include coverage for certain benefits in health insurance plans, such as coverage for alcoholism; and regulatory action by state insurance departments that prevents insurers from withdrawing from a state because of poor underwriting results. CLASSIFICATION OF RISK Risk can be classified into several distinct classes. The most important include the following: ▪ Pure and speculative risk ▪ Diversifiable risk and non-diversifiable risk ▪ Enterprise risk ▪ Systemic risk Pure Risk and Speculative Risk Pure risk is defined as a situation in which there are only the possibilities of loss or no loss. The only possible outcomes are adverse (loss) and neutral (no loss). Examples of pure risks include premature death, job related accidents, catastrophic medical expenses, and damage to property from fire, lightning, flood, or earthquake. In contrast, speculative risk is defined as a situation in which either profit or loss is possible. For example, if you purchase 100 shares of common stock, you will profit if the price of the stock increases but would lose if the price declines. Other examples of speculative risks include betting on a horse race, investing in real estate, and going into business for yourself. In these situations, both profit and loss are possible. Diversifiable Risk and Non diversifiable Risk Diversifiable risk is a risk that affects only individuals or small groups and not the entire economy. It is a risk that can be reduced or eliminated by diversification. In contrast, non-diversifiable risk is a risk that affects the entire economy or large numbers of persons or groups within the economy. It is a risk that cannot be eliminated or reduced by diversification. The distinction between a diversifiable and non-diversifiable (fundamental) risk is important because government assistance may be necessary to insure non-diversifiable risks. Enterprise Risk Enterprise risk is a term that encompasses all major risks faced by a business firm. Such risks include pure risk, speculative risk, strategic risk, operational risk, and financial risk. We have already explained the meaning of pure and speculative risk. Strategic risk refers to uncertainty regarding the firm’s financial goals and objectives; for example, if a firm enters a new line of business, the line may be unprofitable. Operational risk results from the firm’s business operations. Enterprise risk also includes financial risk, which is becoming more important in a commercial risk management program. Financial risk refers to the uncertainty of loss because of adverse changes in commodity prices, interest rates, foreign exchange rates, and the value of money. Systemic Risk Systemic risk is the risk of the collapse of an entire system or entire market due to the failure of a single entity or group of entities that can result in the breakdown of the entire financial system. EXAMPLE: Macroeconomic factors, such as inflation, interest rates, currency fluctuations. Environmental factors, such as climate change, natural disasters, resource, and biodiversity loss. Social factors, such as wars, changing consumer perspectives, population trends. Economic decline: A sustained economic decline can affect employment and consumer spending. Global affairs: Wars and famines can lead to higher inflation rates and more acute systematic risks. Natural disasters: Mother Nature can cause financial crises if areas flood or experience droughts. Public health: A widespread infectious disease can be a systematic risk. MAJOR PERSONAL RISKS AND COMMERCIAL RISKS Certain pure risks are associated with great economic insecurity for both individuals and families, as well as for commercial business firms. This section discusses (1) important personal risks that affect individuals and families and (2) major commercial risks that affect business firms. Personal Risks Personal risks are risks that directly affect an individual or family. They involve the possibility of the loss or reduction of earned income, extra expenses, and the depletion of financial assets. Major personal risks that can cause great economic insecurity include the following: “Economic security” can be understood as a term for how well people are able to regularly meet their needs. “Economic insecurity,” its opposite, happens when there aren’t enough resources to pay for food, housing, medical care, and other essentials. (Mollenkamp in Investopedia, 2022) 1. Premature death Premature death is defined as the death of a family head with unfulfilled financial obligations. These obligations include dependents to support, a mortgage to be paid off, children to educate, and credit cards or installment loans to be repaid. If the surviving family members have insufficient replacement income or past savings to replace the lost income, they will be exposed to considerable economic insecurity. Premature death can cause economic insecurity only if the deceased has dependents to support or dies with unsatisfied financial obligations. Thus, the death of a 7-year-old child is not “premature” in the economic sense, as small children generally are not working and contributing to the financial support of the family. 2. Inadequate retirement income The major risk during retirement is inadequate income. The majority of workers in the United States retire before age 65. When they retire, they lose their earned income. Unless they have sufficient financial assets on which to draw or have access to other sources of retirement income—such as Social Security or a private pension, a 401(k) plan, or an individual retirement account (IRA)—they will be exposed to considerable economic insecurity. 3. Poor health Poor health is another major personal risk that can cause great economic insecurity. The risk of poor health includes both the payment of catastrophic medical bills and the loss of earned income. 4. Unemployment Unemployment is a major cause of economic insecurity in many countries. Unemployment can result from business cycle downswings, technological and structural changes in the economy, seasonal factors, imperfections in the labor market, and other causes as well. Property Risks Persons owning property are exposed to property risks—the risk of having property damaged or destroyed from numerous causes. Homes and other real estate and personal property can be damaged or destroyed because of fire, lightning, tornado, windstorm, and numerous other causes. There are two major types of loss associated with the destruction or theft of property: direct loss and indirect or consequential loss. Direct Loss - A direct loss is defined as a financial loss that results from the physical damage, destruction, or theft of the property. For example, if you own a home that is damaged or destroyed by a fire, the physical damage to the home is a direct loss. Indirect or Consequential Loss - An indirect loss is a financial loss that results indirectly from the occurrence of a direct physical damage or theft loss. For example, as a result of the fire to your home, you may incur additional living expenses to maintain your normal standard of living. You may have to get a motel room or rent an apartment while the home is being repaired. You may have to eat some or all your meals at local restaurants. You may also lose rental income if a room is rented, and the house is not habitable. These additional expenses that resulted from the fire would be a consequential loss. Liability Risks According to Insuranceopedia (2024), a liability risk is a vulnerability that can cause a party to be held responsible for certain types of losses. Put another way, it is the risk that an individual or business will take an action that causes bodily injury, death, property damage, or financial loss to 3rd parties. EXAMPLES: -A customer slipped and fell on the wet floor in your store. -Your delivery staff accidentally knock over an expensive vase at your customer’s home while on delivery. -A customer gets takeout from your restaurant and gets sick after eating it at home. Liability risks are of great importance for several reasons. 1. First, there is no maximum upper limit with respect to the amount of the loss. You can be sued for any amount. In contrast, if you own property, there is a maximum limit on the loss. 2. Second, a lien can be placed on your income and financial assets to satisfy a legal judgment. -Lastly, legal defense costs can be enormous. If you have no liability insurance, the cost of hiring an attorney to defend you can be staggering. If the suit goes to trial, attorney fees and other legal expenses can be substantial. Commercial Risks Business firms also face a wide variety of pure risks that can financially cripple or bankrupt the firm if a loss occurs. These risks include (1) property risks, (2) liability risks, (3) loss of business income, (4) cybersecurity and identity theft, and (5) other risks. (1) Property Risks. Business firms own valuable business property that can be damaged or destroyed by numerous perils, including fires, windstorms, tornadoes, hurricanes, earthquakes, and other perils. Business property includes plants and other buildings; furniture, office equipment, and supplies; computers and computer software and data; inventories of raw materials and finished products; company cars, boats, and planes; and machinery and mobile equipment. The firm also has accounts receivable records and may have other valuable business records that could be damaged or destroyed and expensive to replace. (2) Liability Risks. Business firms often operate in highly competitive markets where lawsuits for bodily injury and property damage are common. The lawsuits range from small nuisance claims to multimillion-dollar demands. Firms are sued for numerous reasons, including defective products that harm or injure others, pollution of the environment, damage to the property of others, injuries to customers, discrimination against employees and sexual harassment, violation of copyrights and intellectual property, and numerous other reasons. In addition, directors and officers may be sued by stockholders and other parties because of financial losses and mismanagement of the company. Finally, commercial banks, other financial institutions, and other business firms are exposed to enormous potential liability because of cyber security and identify theft crimes that have occurred in recent years. (3) Loss of Business Income. Another important risk is the potential loss of business income when a covered physical damage loss occurs. The firm may be shut down for several months because of a physical damage loss to business property due to a fire, tornado, hurricane, earthquake, or other perils. During the shutdown period, the firm would lose business income, which includes the loss of profits, the loss of rents if business property is rented to others, and the loss of local markets. In addition, during the shutdown period, certain expenses may continue, such as rent, utilities, leases, interest, taxes, some salaries, insurance premiums, and other overhead costs. Fixed costs and continuing expenses that are not offset by revenues can be sizeable if the shutdown period is lengthy. Finally, the firm may incur extra expenses during the period of restoration that would not have been incurred if the loss had not taken place. (4) Cybersecurity and Identity Theft. Cybersecurity and identity theft by thieves breaking into a firm’s computer system and database are major problems for many firms. Computer hackers have been able to steal hundreds of thousands of consumer credit records, which have exposed individuals to identity theft and violation of privacy. As a result, commercial banks, financial institutions, and other business firms are exposed to enormous legal liabilities. Other crime exposures include robbery and burglary; shoplifting; employee theft and dishonesty; fraud and embezzlement; piracy and theft of intellectual property, and computer crimes. (5) Other Risks. Business firms must cope with a wide variety of additional risks, summarized as follows: ▪ Human resources exposures. These include job related injuries and disease of workers; death or disability of key employees; group life and health and retirement plan exposures; and violation of federal and state laws and regulations. ▪ Foreign loss exposures. These include acts of terrorism, political risks, kidnapping of key personnel, damage to foreign plants and property, and foreign currency risks. ▪ Intangible property exposures. These include damage to the market reputation and public image of the company, the loss of goodwill, and loss of intellectual property. For many companies, the value of intangible property is greater than the value of tangible property. ▪ Government exposures. Federal and state governments may pass laws and regulations that have a significant financial impact on the company. BURDEN OF RISKS ON SOCIETY The presence of risk results in certain undesirable social and economic effects. Risk entails three major burdens on society: ▪ The size of an emergency fund must be increased. ▪ Society is deprived of certain goods and services. ▪ Worry and fear are present. Larger Emergency Fund It is prudent to set aside funds for an emergency. However, in the absence of insurance, individuals and business firms would have to increase substantially the size of their emergency fund to pay for unexpected losses. Loss of Certain Goods and Services A second burden of risk is that society is deprived of important goods and services. For example, because of the risk of a liability lawsuit, many corporations have discontinued manufacturing certain products. Numerous examples can be given. Some 250 companies in the world once manufactured childhood vaccines; today, only a small number of firms manufacture vaccines, due in part to the threat of liability suits. Other firms have discontinued the manufacture of specific products, including asbestos products, football helmets, silicone-gel breast implants, and certain birth-control devices, because of fear of legal liability. Worry and Fear The final burden of risk is that of worry and fear. Numerous examples illustrate the mental unrest and fear caused by risk. Parents may be fearful if a teenage son or daughter departs on a ski trip during a blinding snowstorm because the risk of being killed on an icy road is present. Some passengers in a commercial jet may become extremely nervous and fearful if the jet encounters severe turbulence during the flight. A college student who needs a grade of C in a course to graduate may enter the final examination room with\ a feeling of apprehension and fear. TECHNIQUES FOR MANAGING RISK Techniques for managing risk can be classified broadly as either risk control or risk financing. Risk control refers to techniques that reduce the frequency or severity of losses. Risk financing refers to techniques that provide for the funding of losses. Risk managers typically use a combination of techniques for treating each loss exposure. Risk Control Risk control is a generic term to describe techniques for reducing the frequency or severity of losses. Major risk-control techniques include the following: ▪ Avoidance. Avoidance is one technique for managing risk. For example, you can avoid the risk of being mugged in a high-crime area by staying away from high- crime rate areas; you can avoid the risk of divorce by not marrying; and business firms can avoid the risk of being sued for a defective product by not producing the product. ▪ Loss prevention. Loss prevention is a technique that reduces the probability of loss so that the frequency losses is reduced. Several examples of personal loss prevention can be given. Auto accidents can be reduced if motorists take a safe- driving course and drive defensively. The number of heart attacks can be reduced if individuals control their weight, stop smoking, and eat healthy diets. ▪ Loss reduction. Strict loss prevention efforts can reduce the frequency of losses; however, some losses will inevitably occur. Thus, another objective of loss control is to reduce the severity of a loss after it occurs. - Duplication. Losses can also be reduced by duplication. This technique refers to having back-ups or copies of important documents or property available in case a loss occurs. For example, back-up copies of key business records (e.g., accounts receivable) are available in case the original records are lost or destroyed. - Separation. Another technique for reducing losses is separation. The assets exposed to loss are separated or divided to minimize the financial loss from a single event. For example, a manufacturer may store finished goods in two warehouses in different cities. If one warehouse is damaged or destroyed by a fire, tornado, or other peril, the finished goods in the other warehouse are unharmed. - Diversification. Finally, losses can be reduced by diversification. This technique reduces the chance of loss by spreading the loss exposure across different parties. The risk is reduced if a manufacturer has a number of customers and suppliers. For example, if the entire customer base consists of only four domestic purchasers, sales will be impacted adversely by a domestic recession. However, if there are foreign customers and additional domestic customers as well, this risk is reduced. Similarly, the risk of relying on a single supplier can be minimized by having contracts with several suppliers. From the viewpoint of society, loss control is highly desirable for two reasons. 1. First, the indirect costs of losses may be large, and in some instances can easily exceed the direct costs. 2. Second, the social costs of losses are reduced. Social costs can be reduced through an effective loss-control program. Risk Financing As I’ve mentioned earlier, risk financing refers to techniques that provide for the payment of losses after they occur. Major risk-financing techniques include the following: ▪ Retention ▪ Noninsurance transfers ▪ Insurance Retention. Retention is an important technique for managing risk. Retention means that an individual or a business firm retains part of all the losses that can result from a given risk. Risk retention can be active or passive. Active Retention. Active risk retention means that an individual is consciously aware of the risk and deliberately plans to retain all or part of it. Active risk retention is used for two major reasons. First, it can save money. Insurance may not be purchased, or it may be purchased with a deductible; either way, there is often substantial savings in the cost of insurance. Second, the risk may be deliberately retained because commercial insurance is either unavailable or unaffordable. Passive Retention. Risk can also be retained passively. Certain risks may be unknowingly retained because of ignorance, indifference, laziness, or failure to identify an important risk. Passive retention is very dangerous if the risk retained has the potential for financial ruin. Self-Insurance Self-insurance is a special form of planned retention by which part or all of a given loss exposure is retained by the firm. Another name for self-insurance is self- funding, which expresses more clearly the idea that losses are funded and paid for by the firm. Noninsurance transfers. Noninsurance transfers are another technique for managing risk. The risk is transferred to a party other than an insurance company. A risk can be transferred by several methods, including: Transfer of Risk by Contracts. Undesirable risks can be transferred by contracts. For example, the risk of a defective television or stereo set can be transferred to the retailer by purchasing a service contract, which makes the retailer responsible for all repairs after the warranty expires. The risk of a rent increase can be transferred to the landlord by a long-term lease. The risk of a price increase in construction costs can be transferred to the builder by having a guaranteed price in the contract. Finally, a risk can be transferred by a hold harmless clause. For example, if a manufacturer of scaffolds inserts a hold-harmless clause in a contract with a retailer, the retailer agrees to hold the manufacturer harmless in case a scaffold collapses and someone is injured. Hedging Price Risks. Hedging price risks is another example of risk transfer. Hedging is a technique for transferring the risk of unfavorable price fluctuation to a speculator by purchasing and selling futures contracts on an organized exchange. Incorporation of a Business Firm. Incorporation is another example of risk transfer. If a firm is a sole proprietorship, the owner’s personal assets can be attached by creditors for satisfaction of debts. If a firm incorporates, personal assets cannot be attached by creditors for payment of the firm’s debts. In essence, by incorporation, the liability of the stockholders is limited, and the risk of the firm having insufficient assets to pay business debts is shifted to the creditors Insurance. For most people, insurance is the most practical method for dealing with major risks. Although private insurance has several characteristics, three major characteristics should be emphasized. 1. First, risk transfer is used because a pure risk is transferred to the insurer. 2. Second, the pooling technique is used to spread the losses of the few over the entire group so that average loss is substituted for actual loss. 3. Finally, the risk may be reduced by application of the law of large numbers by which an insurer can predict future loss experience with greater accuracy. II. INSURANCE AND RISK (presented by Langcauon, Monina Zyra) INSURANCE In pursuant to “Republic Act No. 10607, AN ACT STRENGTHENING THE INSURANCE INDUSTRY, FURTHER AMENDING PRESIDENTIAL DECREE NO. 612, OTHERWISE KNOWN AS “THE INSURANCE CODE,” the term insurance is defined in Sec 2 as “an agreement whereby one undertakes for a consideration to indemnify another against loss, damage or liability arising from an unknown or contingent event.” Elements of a Contract of Insurance 1. Insurable interest (Sec. 10) - legal right to insure any type of property or any event that may cause a financial loss or create a legal liability “SEC. 10. Every person has an insurable interest in the life and health: “(a) Of himself, of his spouse and of his children; “(b) Of any person on whom he depends wholly or in part for education or support, or in whom he has a pecuniary interest; “(c) Of any person under a legal obligation to him for the payment of money, or respecting property or services, of which death or illness might delay or prevent the performance; and “(d) Of any person upon whose life any estate or interest vested in him depends. 2. Risk of Loss (Sec. 3) “SEC. 3. Any contingent or unknown event, whether past or future, which may damnify a person having an insurable interest, or create a liability against him, may be insured against, subject to the provisions of this chapter. 3. Assumption of Risk (Sec. 2 (a)) “SEC. 2. A contract of insurance is an agreement whereby one undertakes for a consideration to indemnify another against loss, damage or liability arising from an unknown or contingent event. 4. Distribution of Losses - such assumption of risk is part of a general scheme to distribute actual losses among a large group of persons bearing a similar risk; and 5. Premiums (Sec. 77) - in consideration of the insurer's promise, the insured pays a premium “SEC. 77. An insurer is entitled to payment of the premium as soon as the thing insured is exposed to the peril insured against. Notwithstanding any agreement to the contrary, no policy or contract of insurance issued by an insurance company is valid and binding unless and until the premium thereof has been paid, except in the case of a life or an industrial life policy whenever the grace period provision applies, or whenever under the broker and agency agreements with duly licensed intermediaries, a ninety (90)-day credit extension is given. No credit extension to a duly licensed intermediary should exceed ninety (90) days from date of issuance of the policy. BASIC CHARACTERISTICS OF INSURANCE An insurance typically includes the following characteristics: Pooling of Losses - refers to the spreading/sharing of losses incurred by the few over the entire group, so that in the process, average loss is substituted for actual loss. In addition, pooling involves the grouping of a large number of exposure units so that the law of large numbers can operate to provide a substantially accurate prediction of future losses. The primary purpose of pooling, or the sharing of losses, is to reduce the variation in possible outcomes as measured by the standard deviation or some other measure of dispersion, which reduces risk. Payment of Fortuitous Losses - A fortuitous loss is one that is unforeseen and unexpected by the insured and occurs as a result of chance. In other words, the loss must be accidental. The law of large numbers is based on the assumption that losses are accidental and occur randomly. Risk Transfer - Risk transfer means that a pure risk is transferred from the insured to the insurer, who typically is in a stronger financial position to pay the loss than the insured. Pure risk refers to the risks that present the opportunity for loss but no opportunity for gain. Indemnification - means that the insured is restored to his or her approximate financial position prior to the occurrence of the loss. Indemnification simply means that the insurer will help cover loss through compensation of any damage, loss or injury. CHARACTERISTICS OF AN IDEALLY INSURABLE RISK Generally, only pure risks are being insured, however, from the viewpoint of private insurers, insurable risks should have certain characteristics. Ideally, there are six (6) characteristics of an insurable risk: There must be a large number of exposures units. The loss must be accidental and unintentional. The loss must be determinable and measurable. The loss should not be catastrophic. The chance of loss must be calculable. The premium must be economically feasible. ADVERSE SELECTION AND INSURANCE This is usually the problem that insurers deal with. Adverse selection pertains to the tendency of persons with higher-than-average chance of loss to seek insurance at standard rates, which might result in financial loss of the insurers. Adverse selection can be controlled by careful underwriting, applicants who meet the underwriting standards are insured at standard or preferred rates while those who don’t, insurance is denied, or extra premium must be paid or offered coverage is limited. TYPES OF INSURANCE 1. Marine Insurance (Sec. 101 (b)) - meaning insurance against, or against legal liability of the insured for loss, damage, or expense incident to ownership, operation, chartering, maintenance, use, repair, or construction of any vessel, craft or instrumentality in use of ocean or inland waterways, including liability of the insured for personal injury, illness or death or for loss of or damage to the property of another person. 2. Fire Insurance (Sec. 169) - the term fire insurance shall include insurance against loss by fire, lightning, windstorm, tornado or earthquake and other allied risks, when such risks are covered by extension to fire insurance policies or under separate policies. 3. Casualty Insurance (Sec. 176) - Casualty insurance is insurance covering loss or liability arising from accident or mishap, excluding certain types of loss which by law or custom are considered as falling exclusively within the scope of other types of insurance such as fire or marine. 4. Suretyship (Sec. 177) - A contract of suretyship is an agreement whereby a party called the surety guarantees the performance by another party called the principal or obligor of an obligation or undertaking in favor of a third party called the obligee. 5. Life Insurance (Sec. 181-182) - Life insurance is insurance on human lives and insurance appertaining thereto or connected therewith. III. INTRODUCTION TO RISK MANAGEMENT (presented by Ybañez and Langcauon) RISK MANAGEMENT is a process that identifies loss exposures faced by an organization and selects the most appropriate techniques for treating such exposures. Loss exposure is any situation or circumstance in which a loss is possible, regardless of whether a loss occurs. OBJECTIVES OF RISK MANAGEMENT PRE-LOSS OBJECTIVES POST-LOSS OBJECTIVES 1. The firm should prepare for 1. Survival of the firm. potential losses in the most economical way. 2. Reduction of anxiety. 2. To continue operating. 3. To meet any legal obligations. 3. Stability of earnings. - 4. Continued growth of the firm. STEPS IN THE RISK MANAGEMENT PROCESS There are four steps in the risk management process: STEP 1: Identify loss exposures. - This step involves an exhaustive review of all potential losses such as crime loss exposures and property loss exposures. STEP 2: Measure and analyze the loss exposures. - It is important to measure and quantify the loss exposures in order to manage them properly. This step requires an estimation of the frequency and severity of loss. Loss frequency refers to the probable number of losses that may occur during some given time period. Loss severity refers to the probable size of the losses that may occur. STEP 3: Select the appropriate combination of techniques for treating loss exposures. Two techniques are classified into two: (1) Risk control - is a generic term to describe techniques for reducing frequency or severity. Avoidance - means a certain loss exposure is never acquired or undertaken, or an existing loss exposure is abandoned. Loss prevention - refers to measures that reduce the frequency of a particular loss. Loss reduction - refers to measures that reduce the severity of a loss after it occurs. Duplication - refers to having back-ups or copies of important documents or property available in case a loss occurs. Separation - means dividing the assets exposed to loss to minimize the harm from a single event. Diversification - refers to reducing the chance of loss by spreading the loss exposure across different parties (e.g., customers and suppliers), securities (e.g., stocks and bonds), or transactions. Having different customers and suppliers reduces risk. (2) Risk Financing - refers to techniques that provide for the payment of losses after they occur. (a) Retention - means that the firm retains part or all of the losses that can result from a given loss. Active risk retention - means that the firm is aware of the loss exposure and consciously decides to retain part or all of it. Passive risk retention - unplanned acceptance of losses because of failure to identify risk, failure to act, or forgetting to act. Retention can be effectively used in a risk management program under the following conditions: o No other method of treatment is available. o The worst possible loss is not serious. o Losses are fairly predictable. Determining Retention Levels - if retention is used, the risk manager must determine the firm’s retention level, which is the monetary amount of losses that the firm will retain. Paying Losses - the risk manager must have some method for paying losses. o Funded reserve. o Credit line. Captive Insurer - a captive insurer is an insurer owned by a parent firm for the purpose of insuring the parent firm’s loss exposures. Single-parent captive (insurer owned by only one parent such as corporation) Group captive (insurer owned by several parents) Self-Insurance - is a special form of planned retention by which part or all of a given loss exposure is retained by the firm. Another term for self-insurance is self- funding. Often used in group health insurance for employees. Self-insured plans are typically protected by some type of stop-loss limit that caps the employer’s out-of-pocket costs once losses exceed certain limits. (b) Noninsurance transfers - noninsurance transfers are methods other than insurance by which a pure risk and its potential financial consequences are transferred to another party. (c) Commercial insurance - insurance is appropriate for loss exposures that have a low probability of loss, but the severity of loss is high. Step 4: Implement and Monitor the Risk Management Program This step begins with a policy statement. A risk management policy statement is necessary to have an effective risk management program. This statement outlines the risk management objectives of the firm, as well as company policy with respect to the treatment of loss exposure. It also educates top-level executives regarding the risk management process; establishes the importance, role, and authority of the risk manager; and provides standards for judging the risk manager’s performance. Cooperation with other departments - other functional departments within the firm such as accounting, human resources, marketing, operations, and finance are extremely important in identifying loss exposures, methods for treating these exposures, and ways to administer the risk management program. Periodic review and evaluation - the risk management program must be periodically reviewed and evaluated to determine whether the objectives are being attained or if corrective actions are needed. PERSONAL RISK MANAGEMENT The principles of corporate risk management are also applicable to a personal risk management program. Personal risk management refers to the identification and analysis of pure risks faced by an individual or family, and to the selection and implementation of the most appropriate technique(s) for treating such risks. Personal risk management considers other methods for handling risk in addition to insurance. Steps in Personal Risk Management A personal risk management program involves four steps: (1) identify loss exposures, (2) measure and analyze the loss exposures, (3) select appropriate techniques for treating the loss exposures, and (4) implement and review the risk management program periodically. ▪ Identify Loss Exposures The first step is to identify all loss exposures that can cause serious financial problems. Serious financial losses can result from the following: 1. Personal loss exposures 2. Property loss exposures 3. Liability loss exposures ▪ Analyze the Loss Exposures The second step is to measure and analyze the loss exposures. The frequency and severity of potential losses should be estimated so that the appropriate techniques can be used to deal with the exposure. On the other hand, if loss frequency is high, but loss severity is low, such losses should not be insured (such as minor scratches and dents to your car). Other techniques such as retention are more appropriate for handling these types of small losses. ▪ Select Appropriate Techniques for Treating the Loss Exposures The third step is to select the most appropriate techniques for treating each loss exposure. The methods are avoidance, risk control, retention, noninsurance transfers, and insurance. ▪ Implement and Monitor the Program Periodically The final step is to implement the personal risk management program and review the program periodically. At least every 2 to 3 years, you should determine whether all major loss exposures are adequately covered. You should also review your program at major events in your life, such as a divorce, birth of a child, purchase of a home, change of jobs, or death of a spouse or family member. IV. BENEFITS OF RISK MANAGEMENT (presented by Quintela, Joan) NO RISK, NO RETURN = HIGHER RISK, HIGHER RETURN Figure 1.1 Risk and Absolute Return (from Lam, 2014) Risk management isn't just about avoiding problems or minimizing losses; it's also about seizing opportunities and maximizing gains. This approach ensures that a business is both cautious and proactive, aiming to achieve its goals while being mindful of potential risks. Figure 1.2 Risk and Relative Return (from Lam, 2014) Individual investors need to be careful about how much risk they're willing to take for their investment plans. If they take on too much risk, such as by choosing bold investments, they might end up losing more than expected. But if they don't take enough risk and go for safe investments, they might earn stable returns, however, it might not be enough to reach their revenue goals. Zone 1: The company isn't taking enough chances; hence, they are not using their money well. It would be smarter for the company to take more risks by growing or buying other companies, or by giving out more dividends to shareholders. Zone 2: The company has found the perfect balance between taking risks and getting rewards. However, most companies lack good information about all the risks they face across the entire business, and they don't know where they stand in terms of balancing risk with potential gains. Zone 3: The company is taking on too much risk, going beyond what it can manage with its available resources and capabilities. So, why do we need to manage the risk? A. Managing Risk is Management’s Job - The managers' main task is to make sure the company reaches its goals without taking on too much risk. They need to keep things safe while making sure the company succeeds. B. Managing Risk Can Reduce Earnings Volatility - Risk management aims to lessen how much a company's earnings and market value are influenced by outside factors. For instance, companies skilled at handling market risks should experience less impact on their stock prices when market prices fluctuate. C. Managing Risk Can Maximize Shareholder Value - Risk management is important for businesses to reach their goals and keep shareholders satisfied. It also makes it easier for companies to get funding and reduces uncertainty in business, which is good for the economy overall. D. Risk Management Promotes Financial Security - Because of proper risk management, the company will surely secure their financial and revenues. Hence, will also achieve their target objective. V. CONCEPTS AND PROCESSES A. Risk Concepts (presented by Bugna, Mary Jo-ann) Risk concepts entail the systematic consideration of uncertainties or potential adverse events that could impede the achievement of desired goals or objectives, prompting proactive measures to mitigate or manage such uncertainties effectively. 1. Exposure - “WHAT DO I STAND TO LOSE?” Exposure is typically defined in terms of the worst that could possibly happen. All other things being equal, the risk associated with that event will increase as the exposure increases. 2. Volatility - “HOW UNCERTAIN IS THE FUTURE?” The variability of potential outcomes. This is particularly true for those that are predominantly dependent on market factors such as options pricing. In other applications, it is an important driver of the overall risk in terms of potential loss. Generally, the greater the volatility, the higher the risk. 3. Probability - “HOW LIKELY IS IT THAT SOME RISKY EVENT WILL ACTUALLY OCCUR?” The more likely the event is to occur in other words, the higher the probability the greater the risk. Certain events, such as interest rate movements or credit card defaults, are so likely that they need to be planned for as a matter of course and mitigation strategies should be an integral part of the business' regular operations. 4. Severity - “HOW BAD COULD IT GET?” While exposure defines the worst possible outcome, severity quantifies the likely amount of damage. Higher severity implies higher risk. Severity complements probability: knowing the likelihood and potential consequences of an event gives a clear picture of the risk. 5. Time Horizon - “HOW LONG I WILL BE EXPOSED TO THE RISK?” How long will I be exposed to the risk? The longer the duration of an exposure, the higher the risk is. For example, extending a 10-year loan to the same borrower has a much greater probability of default than a one-year loan. The time horizon can also be thought of as a measure of how long it takes (or, equivalently, how difficult it is) to reverse the effects of a decision or event. 6. Correlation - “HOW ARE THE RISKS IN MY BUSINESS RELATED TO EACH OTHER?” Correlation refers to the degree of similarity in behavior between two risks within a business context. When two risks exhibit similar patterns of behavior, such as increasing or decreasing for the same reasons or by similar magnitudes, they are considered highly correlated. In essence, if one risk rises, the other is likely to follow suit, and vice versa. 7. Capital - “HOW MUCH CAPITAL SHOULD I SET ASIDE TO COVER UNEXPECTED LOSSES?” Companies retain capital for two main purposes. Firstly, to fulfill cash needs like investment costs and operational expenses. Secondly, to safeguard against unexpected losses arising from risk exposures. B. Risk Processes (presented by Quintela, Joan) 1. Promote Risk Awareness - Businesses should harness the combined knowledge of their management and staff to assess the risks linked to their present and planned activities. Prioritizing risk awareness is the first step in managing risks effectively. This approach helps prevent mistakes and enables quick corrections when necessary. 2. Measure Risk - Just knowing about risks isn't enough. It's essential to recognize when a risk becomes a big problem and understand how serious it is. Companies need to spot changes in their surroundings that could signal risks and notice when something unexpected affects part of the company. This means communicating well within the company, using good technology, and giving clear, consistent reports about risks. 3. Control - Once someone identifies and understands a risk, they have to decide what to do about it. They have a few choices. If they don't see the risk as a big problem, they might keep going as they were. They could also try to make the risk smaller, or they might take action to lessen the risk, like moving away from danger or removing something causing harm. Sometimes, they might even ask someone else who knows more to handle a risky task, like fixing electrical problems. C. Risk Awareness (presented by Bugna, Mary Jo-ann) 1. Set the Tone from the Top - It is necessary that the CEO wholeheartedly endorses the risk management process. Addressing any hesitation in this regard demands the exertion of authority and influence. Furthermore, the CEO must establish a culture that promotes risk management, setting a precedent not only through verbal communication but also through tangible actions. 2. Ask the Right Questions - R.I.S.K. (R for Return: What are the anticipated gains from the risks we're undertaking? I for Immunization: What measures and constraints are implemented to mitigate potential losses?; S for Systems: Are the suitable systems in place to monitor and evaluate risks effectively?; K for Knowledge: Do we acquire the compulsory expertise and personnel for proficient risk management?). 3. Establish a Risk Taxonomy - The taxonomy of risk serves as a standard framework for categorizing various types and subtypes of risks, alongside the methodologies, measurements, and approaches included in risk mitigation. 4. Provide Training and Development - The process of educating employees about risks should commence during orientation, where new hires are introduced to the principles of risk management and acquainted with the diverse risk functions within the organization. 5. Link Risk and Compensation - Encouraging employees to be aware of risks is best achieved by ensuring they know that managing risks is a key aspect of their role, and that their bonuses or rewards are tied to both how well the business and they personally handle risks. It's crucial for employees to clearly see these connections. D. Risk Measurement (presented by Quintela, Joan) 1. Losses - Losses caused by credit, market, and operational risks should be logged in a database and summarized in a risk report. The database should include detailed information about the losses, only overall levels of loss and important trends should be reported to senior management. It should also compare total losses to revenue or volume. Furthermore, businesses should monitor actual losses against expected or budgeted levels. 2. Incidents - The risk report should outline significant events from the period, whether or not they caused financial losses. These events might involve losing important customers, violating company policies, system malfunctions, fraud, lawsuits, and similar occurrences. It should detail the potential impact, reasons behind these events, and the company's actions in response. 3. Risk Assessments - In addition to analyzing past problems, the risk report should also think about what could go wrong in the future. It should use the risk ideas that were mentioned above. In this part of the report, management should ask questions like: What worries you the most? What are the biggest risks you see? What might stop the company from reaching its goals? Even though these questions are different, they should lead to similar answers. Some important risks could include starting new businesses or products, not having enough staff, new technologies, and other similar factors. 4. Key Risk Indicators - This system for reporting risks has a way of fixing problems. Here's how it works: if losses and incidents aren't looked at enough in risk assessments or tracked well in key risk indicators, there might be two issues. Either the business or operational unit needs to get better at assessing and measuring risks, or they're not telling corporate management about important risks. This system is meant to make risk measurement and reporting more accurate and clearer over time. D. Risk Control (presented by Bugna, Mary Jo-ann) 1. Support Business Growth - The risk team needs to collaborate with different departments like management, marketing, legal, operations, and technology. Together, they should create a process to check and approve new business plans and ideas. This process ensures that the right people talk about important matters early on. 2. Support Profitability - Risk management drives pricing decisions, which can lead to increased business growth and profitability. The concept is that the price of any good or service ought to account for both conventional expenses and the cost of any associated hidden risks. Of course, riskier transactions would come with a higher cost of risk. 3. Control Downside Risks - In order to reduce or mitigate potential negative effects on an organization's goals, operations, or financial performance, this process involves detecting, evaluating, and managing risks inside the business. Events or situations classified as "downside risks" have the potential to have negative effects on finances, operations, reputation, or legal liability. VI. WHAT IS ERM? (presented by Poseo, Ma. Christel) A. ERM Definitions According to Committee of Sponsoring Organizations of the Treadway Commission (COSO): “ERM is a process, effected by an entity's board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its appetite, to provide reasonable assurance regarding the achievement of entity objectives.” On the other hand, James Lam defined ERM as; “Risk is a variable that can cause deviation from an expected outcome. ERM is a comprehensive and integrated framework for managing key risks in order to achieve business objectives, minimize unexpected earnings volatility, and maximize firm value.” B. The Benefits of ERM ERM is all about integration, in three ways; 1. First, enterprise risk management requires an integrated risk organization. A growing number of companies have a Chief Risk Officer (CRO) who is responsible for overseeing all aspects of risk within the organization. 2. Second, enterprise risk management requires the integration of risk transfer strategies. Under the silo approach, risk transfer strategies were executed at a transactional or individual risk level. An ERM approach, by contrast, takes a portfolio view of all types of risk within a company. 3. Third, enterprise risk management requires the integration of risk management into the business processes of a company. Rather than the defensive or control-oriented approaches used to manage downside risk and earnings volatility, enterprise risk management optimizes business performance by supporting and influencing pricing, resource allocation, and other business decisions. The Three Major Benefits Of ERM Organizational Effectiveness Most companies already have risk management and corporate-oversight functions, such as finance/insurance, audit and compliance. In addition, there may be specialist risk units: for example, investment banks usually have market risk management units, while energy companies have commodity risk managers. Risk Reporting One of the key requirements of risk management is that it should produce timely and relevant risk reporting for the senior management and board of directors. However, this is frequently not the case. In a silo framework, either no one takes responsibility for overall risk reporting, and/or every risk-related unit supplies inconsistent and sometimes contradictory reports. Business Performance Companies that adopt an ERM approach have experienced significant improvements in business performance. ERM supports key management decisions such as capital allocation, product development and pricing, and mergers and acquisitions. This leads to improvements such as reduced losses, lower earnings volatility, increased earnings, and improved shareholder value. C. The Chief Risk Officer The role of a chief risk officer has received a lot of attention within the risk management community, as well as from the finance and general management audiences. They assess and mitigate significant challenges associated with competition, regulations, and digital developments. CRO is responsible for Providing the overall leadership, vision, and direction for enterprise risk management; Establishing an integrated risk management framework for all aspects of risks across the organization; Developing risk management policies, including the quantification of the firm's risk appetite through specific risk limits; Implementing a set of risk indicators and reports, including losses and incident key risk exposures, and early warning indicators; D. Components of ERM 1. Corporate governance to ensure that the board of directors and management have established the appropriate organizational processes and corporate controls to measure and manage risk across the company. 2. Line management to integrate risk management into the revenue-generating activities of the company (including business development, product and relationship management, pricing, and so on). 3. Portfolio management to aggregate risk exposures, incorporate diversification effects, and monitor risk concentrations against established risk limits. 4. Risk transfer to mitigate risk exposures that are deemed too high, or are more cost-effective to transfer out to a third party than to hold in the company's risk portfolio. 5. Risk analytics to provide the risk measurement, analysis, and reporting tools to quantify the company's risk exposures as well as track external drivers. 6. Data and technology resources to support the analytics and reporting processes 7. Stakeholder management to communicate and report the company's risk information to its key stakeholders. REFERENCES Republic Act No. 10607 | GOVPH. (2013, August 15). Retrieved March 5, 2024, from Official Gazette of the Republic of the Philippines website: https://www.officialgazette.gov.ph/2013/08/15/republic-act-no- 10607/?fbclid=IwAR3DA5PTHwP_2wu84- zYtSOlEoiuzZnmu80kBctNZ5jPGMBfvHSqE11MDTg Lam, J. 2014. Enterprise Risk Management From Incentives to Controls. Wiley. Instructional Material: Enterprise Risk Management compiled by Asst. Prof. Jennifer Munsayac, et al

ENTERPRISE RISK MANAGEMENT PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue