ADIFM Risk and Risk Management PDF

ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT RISK AND RISK MANAGEMENT STUDY GUIDE Copyright © 2019 REGENT Business School All rights reserved; no part of this book may be reproduced in any form or by any means, including photocopying machines, without the written permission of the publisher. 1 RISK AND RISK MANAGEMENT TABLE OF CONTENTS Introduction to Risk and Risk Management 2 Chapter 1 Concept of risk 5 Chapter 2 Risk identification 20 Chapter 3 Risk evaluation 35 Chapter 4 Risk control 47 Chapter 5 Risk financing 71 Chapter 6 Operational risk management 89 Chapter 7 Risk retention 107 Chapter 8 Quality assurance 128 Chapter 9 Risk management tools 140 Chapter 10 Portfolio management 152 Bibliography 167 ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 2 RISK AND RISK MANAGEMENT INTRODUCTION TO RISK AND RISK MANAGEMENT Welcome Welcome to the Advanced Diploma in Financial Management program and the Risk and Risk Management module. This study guide has been devised in line with your syllabus and the latest developments in the field of Risk and Risk Management. The structure of the guide is simple and user-friendly. How to Use the Study Guide Due to its voluminous content, students should set aside regular study time to go through and understand this study guide. It should be studied using the prescribed and recommended textbooks and the relevant sections contained in this study guide. Ensure that you make your own notes as you work through the textbook and this study guide. You are also advised to use of any other source/s that deal/s with the sections in this study guide. At the beginning of each section, you will find a list of outcomes. This outlines the main points that you should understand when you have completed the section/s. Do not attempt to read and study everything at once. In this study guide, you will also find examples and self-assessment activities to test your knowledge, understanding and application of the subject matter in Risk and Risk Management. These are designed to help you study. It is imperative that you work through them as they also provide guidelines for assessment purposes. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 3 RISK AND RISK MANAGEMENT Prescribed and Recommended Reading PRESCRIBED READING Risk Management (2016) 4th Edition by Valsamakis, A.C., Vivian R.W. and du Toit G.S. Heinemann Publishers. RECOMMENDED READING Risk Management: A Manager’s Journey (2016) by Pickett, K.H. John Wiley and Sons. Fundamentals of Enterprise Risk Management (2015) by Hampton, J.J. Pearsons. Essentials of Investments (2016). 9th Edition by Bodie Z., Kane A., and Marcus A.J. McGraw Hill. Aim of the Module This module aims to equip students with an overview of accounting and finance so they can apply these skills in the work environment. Module Outcomes After completing this module, you should be able to: Demonstrate an understanding of the concept of risk. Identify the role of risk management in an organisation. Describe the components of a risk management framework. Identify specific types of risk. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 4 RISK AND RISK MANAGEMENT Understand the importance of risk reporting and risk disclosure. Discuss how a changing environment affects risk and risk management. Demonstrate how business risk and financial risk affect an organisation. Understand the concept of portfolio management in relation to risk management. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 5 RISK AND RISK MANAGEMENT CHAPTER ONE CONCEPT OF RISK CHAPTER OUTCOMES After working through this chapter, you should be able to: Explain the terms of risk and risk management. Identify and describe the various types of risk. Analyse the various concepts related to risk management. PRESCRIBED READING Chapter 2: Valsamakis A.C., Vivian R.W., du Toit G.S. Risk Management (2016). 4th Edition. Heinemann Publishers. 1.1 Introduction One term that has become synonymous with doing business in any industry is risk management. It is really not enough to just open your doors and start operations without thinking ahead. Elements of risk are everywhere and when they are identified before they become an issue, it is far easier to come up with viable solutions. Business risk management has become a crucial area for business leaders and their organisations to review. It is normally included in the general business strategies of most organisations. Business risk management is a process that enables organisations to identify potential risks to the business, assess and weigh them accordingly and then put in place an appropriate action plan to minimize any potentially damaging effects on the business. Indeed, all leadership and management functions should take the time to first understand and then undertake the process of business risk management. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 6 RISK AND RISK MANAGEMENT Figure 1.1 1.2 Core concepts in Risk Management 1.2.1 Uncertainty and Risk 1.2.1.1 Uncertainty Uncertainty is a situation where the current state of knowledge is such that The order or nature of things is unknown The consequences, extent, or magnitude of circumstances, conditions, or events are unpredictable, and Credible probabilities to possible outcomes cannot be assigned. Although too much uncertainty is undesirable, manageable uncertainty provides the freedom to make creative decisions. Information View Uncertainty is the degree to which available choices or the outcomes of possible alternatives are free from constraints. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 7 RISK AND RISK MANAGEMENT Statistics View Uncertainty is a situation where neither the probability distribution of a variable nor its mode of occurrence is known. Uncertainty arises from a person's imperfect state of knowledge about future events. Perceived uncertainty depends on information that person can use to evaluate the likelihood of outcomes and the ability to evaluate this information. Uncertainty consists of the following two elements: Uncertainty whether an event will take place If the event does occur what the outcome thereof will be Figure 1: Certainty and Uncertainty levels 1.2.1.2 Risk Risk is virtually anything that threatens or limits the ability of a community or organisation to achieve its mission. Risk generally results from uncertainty. In organisations, this risk can come from uncertainty in the market place (demand, supply and the stock market), failure of projects, accidents, natural disasters etc. There are different tools to deal with them depending upon the kind of risk. It can be unexpected and unpredictable events such as destruction of a building, the wiping of all your computer files, loss of funds through theft or an injury to a staff member or visitor who trips on a slippery floor and decides to sue. Any of these or a ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 8 RISK AND RISK MANAGEMENT million other things can happen, and if they do they have the potential to damage your organisation, cost you money, or in a worse- case scenario, cause your organisation to close. Definition: Risk is the deviation or variability of actual results from desired or expected results. The principle in the business world is that if risk increases, the possible return that is desired will also increase called as Risk-Return trade-off. The risk-return trade-off is the principle that potential return rises with an increase in risk. Low levels of uncertainty or risk are associated with low potential returns, whereas high levels of uncertainty or risk are associated with high potential returns. According to the risk-return trade-off, invested money can render higher profits only if the investor is willing to accept the possibility of losses. 1.2.2 Risk Management Risk management is a process of thinking systematically about all possible risks, problems or disasters before they happen and setting up procedures that will avoid the risk, or minimise its impact, or cope with its impact. It is basically setting up a process where you can identify the risk and set up a strategy to control or deal with it. It is also about making a realistic evaluation of the true level of risk. The chance of a tidal wave taking out your annual beach picnic is fairly slim. The chance of your group’s bus being involved in a road accident is a bit more pressing. Risk management begins with three basic questions: 1. What can go wrong? 2. What will we do to prevent it? 3. What will we do if it happens? Risk management consists of three distinct dimensions: Generating and utilising opportunities in situations where a business has distinct advantages in accomplishing beneficial results with improved chances of success (upside management) ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 9 RISK AND RISK MANAGEMENT Introducing controls to prevent or restrain losses as a result of the constraints posed by the operating environment of the business (downside management) Exercising methods and techniques to reduce the variance between anticipated financial outcomes and actual results (uncertainty management) 1.3 Types of risk Risk in an organisation can be categorised into many forms. Factors such as consumer tastes, changes in government regulation etc. increases the uncertainty of the future demand for a company's products whereas capital market fluctuations may lead to unexpected increases in the cost of finance, thereby increasing the variability in shareholders' returns. Risk Source: The source can be either internal or external to the system. External sources are beyond control whereas internal sources can be controlled to a certain extent. Examples of sources of risk: Short-term sales fluctuations Changes in consumer tastes Changes in technology Changes in government policy Changes in competitor's strategy Changes in the structure of an organisation Changes in organisational membership Changes in suppliers' ability to provide purchasing organisations with the required quantity of inputs Environmental disasters that may disrupt production or demolish assets Changes in the economic environment - escalating interest rates for organisations making use of loans An increase in a business's number and/or types of competitors ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 10 RISK AND RISK MANAGEMENT 1.3.1 Classification of risks Risks are classified into two broad categories Speculative risks Event risks 1.3.1.1 Speculative risks These are risks that offer a chance of gain or loss - example, a reduction in interest rates will be to the advantage of an enterprise that borrows money. 1.3.1.2 Event risks Event risks concern the possibility of loss only, possibility of loss of an enterprise's plant and equipment due to a fire. Event risk is the risk of a negative impact on a company's financial position as a result of an unexpected event like a natural disaster, industrial accident or hostile takeover. This kind of risk is often mitigated by risk management techniques such as insurance. Event risks represent the downside or no change outcomes of possible future events. They only include the possibility of losses, with no possibility of gains or-destruction of an asset by fire. If a fire occurs, a loss is incurred; if the fire does not occur then there is no loss, but also no gain. Event risks are referred to as: insurable losses since the financial consequences of these losses may be transferred to an insurance company by insuring against them. Event risk = the exposure of an enterprise to potential losses, resulting from external factors and/or from shortcomings and/or failures in the execution of its operations. The above also refers to possible losses only. No mention of potential gains. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 11 RISK AND RISK MANAGEMENT The definition also refers to: External factors (external downside risks) and Risks from operations (operational risk). 1.3.2 Risk in a corporate environment can be subdivided into four categories: Core business risks Incidental business risks Speculative Risk Operational risks External downside risks Event Risk 1.3.2.1 Core business risks (Speculative Risk) Core business risks include all the activities, decisions and events which impact directly on an organisation's operating profit. These risks are inherent in the organisation's main business and are reflected in the mission statement which causes fluctuations in profit and ultimately the earnings of the ordinary shareholder. Examples of core business risks of a manufacturing enterprise: Raw material prices Demand for the products of the enterprise Variability of costs Core business risks of a bank: Interest rate fluctuations Demand for the products/services of the bank Variability of costs Core business risks can be of two types Specific or unsystematic risk - results from variations affecting an individual enterprise and is not directly related to the rest of the economy ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 12 RISK AND RISK MANAGEMENT Systematic or market risk - risk occurrences which affect the economy as a whole. 1.3.2.2 Incidental business risks (Speculative Risk) Incidental risks arise naturally from the activities of a business- they do not form part of the organisation's main business but are necessary to ensure the continuation of the main business of the entity. The major subcategory of incidental risks is financial risk. Financial risks = The risks involved in transactions in financial assets and those that may emanate from fluctuating financial claims (deposit liabilities) Financial risks are of six types: Interest rate risk: lender of money - loss of interest income caused by changes in market interest rates. Borrower of money - to pay more for debt Liquidity risk: risk not being able to repay its depositors on demand or require date, on expiry of the agreed period of notice or on due date or not being able to meet its cash commitments when required. Investment risk: the possibility of negative variation in the value of financial instruments owing to market changes. Credit risk: risk that a debtor will fail to service the interest payments or to repay the capital when it falls due either because of bankruptcy or for any other reason, thereby causing the asset holder to suffer financial loss. Currency risk: The impact that fluctuations in exchange rates or commitments payable in foreign currencies. Capital risk: Enterprises own capital resources (shareholders' funds) may be negatively affected by losses stemming from the risks to which it is exposed. Generally speaking, financial risks are the core business risks of financial institutions because the main business of a bank is financial (it is about money as such). ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 13 RISK AND RISK MANAGEMENT 1.3.2.3 Operational risks (Event Risk) Operational risk is the exposure to losses resulting from internal failures or shortcomings of people, processes and systems. Three components of operations are: a) People b) Process c) Systems People The human factor is always to be considered in undertaking any business activity. Knowledge, experience, capability and reliability of the persons in business processes are critical risk factors. People risks - major contributing factor in many dramatic failures and, despite the difficulties of measuring this kind of risk, it needs to be targeted in any programme aimed at improving risk management. Example of people risks: Inexperienced, incompetent, unsuitable, negligent and/or maverick staff Human error A working culture creating low morale, high staff turnover, poor concentration Low productivity and industrial action Fraud and theft Unauthorised and/or ill-informed decision making at all levels Business strategy Project management Change management Liquidity and outsourcing ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 14 RISK AND RISK MANAGEMENT Processes Process risk is the risk of a business process being inadequate and causing unexpected losses. This inadequacy includes execution errors due to flaws in the processes. Processes form part of the operations environment and therefore have a strong interactive relationship with people and systems. Any changes in processes affect people and systems. Processes also affected by external events such as legislation requirements may force enterprises to follow different processes. Processes to be monitored and managed: The enterprise procurement process The enterprise accounting process The enterprise inventory management process The staff appointment process Proactive risk management should address the risks relating to processes during Mergers Acquisitions and disposals Environmental changes The implementation of new systems Re-engineering of processes Systems Systems risks result from systems failures and are primarily based upon enterprises' reliance on technology. New technologies are complex and can create uncertainty. The newer the technology, the greater the risk it may not perform as expected. The following are examples of systems risks: Systems failures Security breaches Implementation failure Insufficient systems capacity ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 15 RISK AND RISK MANAGEMENT Poor data integrity An enterprise can be exposed across all business areas to technology risk: Technology controls required to ensure that technology is protected against human error, data theft, equipment failure, fire, heat, water, smoke, corrosion, fumes, etc. 1.3.2.4 External downside risks (Event Risk) External factors as a subcategory of event risks only refer to those external factors such as natural disasters and robberies. External factors such as interest rate changes and consumer demand that may have either a negative or positive effect on the enterprise, form part of the speculative risks and are not included in this category of external risks. External factors beyond the direct control and influence of the enterprise could, Firstly, affect the operational effectiveness of an enterprise adversely. For example, if lightning should neutralise the internal systems of an enterprise, preventing it from doing business, this could result in a loss. Secondly, external factors could also affect enterprises adversely in other ways. For example, the destruction by fire of a warehouse belonging to the enterprise but not presently in use, will not necessarily affect the operational effectiveness of the enterprise, but will still represent a loss for the enterprise. As organizations do not have direct control over external factors it is difficult to manage these questions proactively. It is vital to anticipate and address the relevant issues in order to reduce the factors' adverse effects. Examples of external factors addressed during management processes: External supplier risk Physical security risk Legal (litigation) risk Natural disaster risk labour action risk ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 16 RISK AND RISK MANAGEMENT regulation/compliance risk political risk 1.4 Other important event risk concepts Depending on their particular origin, event risks can be categorised as: Fundamental risks arise from losses that are impersonal in origin and consequence. They originate in the economic, political or social interdependency of society. They are purely physical in occurrences like drought conditions occurring in Southern Africa. Particular risks are losses that have their origin in discrete events which have an essentially personal cause. Such risks would, for example, be fire damage to a building or the explosion of a pressure tank. 1.4.1. Perils and Hazard Perils give rise to risks but are not risks in themselves. They can therefore be regarded as the source of losses such as fires, explosions, earthquakes and storms. Hazard relates to the environment surrounding the cause of loss. A container of a flammable product produces a loss-causing environment which may give rise to a fire. 1.5. Risk appetite In risk management, risk appetite is the level of risk an organisation is prepared to accept. Risk appetite constraints are not easy to define; different organisations tolerate different levels of risk. Risk appetite and performance While risk appetite is about the pursuit of risk, risk tolerance is about what an organisation can actually cope with. Organisations have to take some risks and avoid others. To do so, they need to be clear about what successful performance looks like. This question may be easier to ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 17 RISK AND RISK MANAGEMENT answer for a commercial organisation than for a government department but can usefully be asked by Boards in all sectors. Putting it into practice Organisations seek to develop an approach to risk appetite that: Is theoretically sound Is practical and pragmatic: and the intention is not to create a bureaucracy, but find solutions that can work for organisations of all shapes and sizes. Figure 2 below further highlights examples of statement of risk appetite. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 18 RISK AND RISK MANAGEMENT Figure 2: Example Statements of Risk Appetite Source: Pareek (2019) 1.6 Risk Pooling and diversification A risk pool is one of the forms of risk management mostly practised by insurance companies. Under this system, insurance companies come together to form a pool, which can provide protection to insurance companies against catastrophic risks such as floods, earthquakes etc. Risk Diversification: Allocation of proportional risk to all parties to a contract, usually through a risk premium. This is also called risk allocation. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 19 RISK AND RISK MANAGEMENT SELF-ASSESSMENT EXERCISE 1. Define risk and explain its significance to management. 2. Evaluate the term operational risk. 3. Classify risk into two broad categories and describe each category in detail. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 20 RISK AND RISK MANAGEMENT CHAPTER TWO RISK IDENTIFICATION CHAPTER OUTCOMES After working through this chapter, you should be able to: Examine financial statements to identify areas of risk. Recognise legislation pertaining to risk identification. Explain risk identification and its impact on risk management. Differentiate between micro and macro risk identification. PRESCRIBED READING Chapter 5: Valsamakis A.C., Vivian R.W., du Toit G.S. Risk Management (2016). 4th Edition. Heinemann Publishers. 2.1 Risk identification Risk management is an on-going process, not a single event. Although identification is considered the most important step in the risk management process, it has generally been neglected in the relevant literature. A number of factors may have contributed to this. One factor is the preoccupation of risk managers with risk financing and, in particular, insurance. This results in risk identification and evaluation being viewed in the context of insurance provision and coverage limits, which has an emphasis on macro-risk identification. The evaluation of risk is thus dealt with through the description of risk exposures made known to the insurance market by insurance underwriting surveys, the organisations’ risk managers and their insurance intermediaries. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 21 RISK AND RISK MANAGEMENT The second factor, possibly the more significant, is that the techniques and general methodology underlying risk identification can be diverse and complex, requiring specialised skills related to specific disciplines, particularly those of engineering. It is not unexpected, therefore, that particular techniques are developed by specialist consultants from whom risk management departments obtain advice. This aspect can also be said to apply to the question of risk evaluation, which may require specialised input by consultants with the necessary mathematical/statistical or actuarial background. A third factor is that, in practice, an overlap exists between risk identification/evaluation and risk control. Risk identification and evaluation deserve separate study because they are diverse and complex subjects in their own right. The intention in this chapter is not to provide a comprehensive study of risk identification and evaluation methods, but rather to provide a more all-encompassing insight so as to achieve a holistic approach to risk management that practitioners can consider. 2.2 Macro and Micro risk identification Every risk management programme must necessarily be put in motion by the process of risk identification, because, obviously, a risk cannot be managed if it is not first identified. Hence, risk identification must be viewed as the single most important function of the risk management process should be approached in as systematic a way as possible. A systemised approach to risk identification may be achieved by first considering what risks the organisation faces on the macro and micro levels. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 22 RISK AND RISK MANAGEMENT ACTIVITY Compare macro and micro risk identification. Macro-risk identification is the identification of major risks that may have a significant impact (financial and otherwise) on the organisation. Micro-risk identification is the identification of sub-risks within the major risk class and is key to the risk control objectives. 2.3 Macro-risk identification Macro-risk identification concerns the identification of the major sources and types of risks facing the organisation. For business, this involves a macro-level analysis of external environmental factors, using techniques such as industry analysis, competitor analysis, market analysis and country analysis. In the case of event risks, the main concern following macro identification is to insulate the firm as far as possible from the major negative financial consequences of loss arising from the major risk sources. In most instances, financial provision for such consequences can be made by the purchase of insurance cover. Certainly in the extreme, the insurance market represents an efficient financing mechanism, facilitated by the pooling effect that is evident where such risks are concerned. Hence, macro-risk identification and classification should logically follow accepted insurance classifications. These classifications are thus useful for macro-risk identification purposes. The process also involves identifying the impact of environmental (or dynamics) changes ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 23 RISK AND RISK MANAGEMENT that can affect event risks. These changes are outside the control of the company, but impact upon it. 2.4 Insurance reviews Generally, macro-risk identification is conducted by carrying out insurance review. The insurance industry has, for centuries, been a mechanism for handling pure risks. It has thus developed comprehensive risk reviews that, with the assistance of a reputable insurance intermediary, can greatly assist the organisation. Insurance reviews may cover uninsured perils as well as perils for which no insurance cover is available, or is available only at extremely high premiums due to a prevailing restricted insurance market. Uninsured risks are usually identified and discussed during the insurance review. 2.5 Organisational charts and flow charts Organisational charts assist in gaining a macro view or overview of the organisation. The risk manager can add other risks facing the organisation to the list compiled during a typical insurance review. Such identification can be achieved by drawing an organisational chart that illustrates the different aspects of the organisation’s activities and structure. There are numerous ways in which the organisational chart may be drawn, but the key point is that all areas of the company’s activity should be shown. Flow charts are important particularly to identify and evaluate interruption risks (consequential losses). In contrast to organisational charts, flow charts are not restricted to the organisational structure of the firm and can include suppliers. These charts can be used to describe any form of ‘flow’ within the firm e.g. the production flow, by which raw materials are converted into the finished product. A flow chart therefore facilitates, for example, the identification and interdependency of the various processes and stages of production, and it is useful to the risk manager in identifying risks and interpreting potential risk exposures. Although this will, in all probability, introduce an element of business risks to the risks identified, for which no ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 24 RISK AND RISK MANAGEMENT cover is available or sought, it does provide a thorough analysis and should produce a systematic strategy. This process can accomplish the following, among other things: The identification of risks that are unique to the organisation; The identification of a broad set of risks e.g. general liability, and the focus on a sub-set for which cover may be sought, e.g. public liability; and The opportunity to discover any interrelationship between event (pure) and business risk where it occurs. 2.6 Analysis of financial statements Another approach that has been applied more recently (and which is relevant to event and business risk interrelationships) is to identify risk by analysing a firm’s financial statements. All financial losses have an adverse effect on either the balance sheet or income (profit and loss) statement, and thus an analysis of the organisation’s financial statements can prove most useful as a starting point for risk identification. Values that are at risk can, for example, be identified by examining the balance sheet, after which it can be established which perils could occur that may destroy this value. The income statement may show rental expense payments that may indicate the possibility of a contractual liability exposure; or may indicate a hidden asset if, for instance, long-term rental obligations under a current lease agreement are markedly lower than current market rates. The income statement will also disclose sources of income and thereby process from which losses may arise, such as liability to third parties in the event of malfunctioning products. Thus a flow-chart method of identification coupled with an analysis of the organisation’s financial statements, provide a systematic procedure for reviewing, in proper order, the company’s operations. However, it must be noted that a company is dynamic and constant changes give rise to new and added risks. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 25 RISK AND RISK MANAGEMENT Finally, it must be stressed that the risk management process should follow a continuous strategy, whereby the risk is identified, evaluated, physically controlled where possible, and then provided for from a financial standpoint. In order to achieve this, it is necessary to structure the various processes in a complementary way. If a list of the various perils that pose a threat to the organisation was compiled without taking into account the way in which such risk is to be financed or without reference to the existing insurance cover, the risk identification process will be of little use in considering additional insurance cover. 2.7 Micro-risk identification Micro-risk identification refers to the process of identifying those micro risks that can usually be prevented by introducing effective risk control measures. Risk managers use several methods to identify the various risks. These identification methods have their origins in solving problems within an organisation or even an industry. The identification process requires creativity. The task of matching the method to the risks is important, although it must be recognised that it is not possible to lay down firm guidelines as to how this is to be achieved, as the circumstances within each firm are different. Nevertheless, having broadly classified these under macro and micro-identification methods, the following micro-identification methods can be considered. 2.8 Risk inspections The obvious and most commonly used method to identify risks is to conduct a physical inspection. The main advantage of this method is that the sites/plants are seen at first- hand. In addition, you get to meet people on the shop floor whom you rely on for much of the information concerning risks and hazards. However, risk inspections have a number of drawbacks. Apart from the distance that may have to be travelled to reach the site, it is time-consuming. It is therefore important to carry out as much preparatory work as possible before the inspection begins. This work primarily relates to pre-planning or programming to ensure that the visit will ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 26 RISK AND RISK MANAGEMENT coincide with other tasks to be performed. A logical approach to risk identification incorporating, for instance, the design and use of a report that is to be completed while the site is being inspected will minimise the chance of overlooking important aspects. The effectiveness of any inspection is related to the competence and expertise of the person carrying out the survey. The expertise that is needed, especially for multifaceted operations, is extensive and could cover many disciplines e.g. mechanical, electrical and chemical engineering, fire prevention and security. Inspections follow the law of diminishing returns. If the same person is sent to the same site for a second time, the person is unlikely to identify much more than what was detected in the first visit. Inspections usually focus on physical observations, whereas often the problems are systems-related. For example, an inspection will reveal neither poor design controls nor unsatisfactory product markings that could cause product liability claims. Techniques such as Hazard and Operability Studies (HAZOP), Failure Mode and Effect Analysis (FMEA), Fault-Tree Analysis (FTA), hazard indices and safety audits have been developed to overcome this drawback. 2.9 Hazard and Operability (HAZOP) studies A HAZOP study is a systematic technique for identifying hazards or operability problems throughout an entire facility. The study is a qualitative approach to risk identification that can be employed at the planning stages of projects. These studies are used most often in the chemical industry (Training Guide: Hazard & Operability Analysis (HAZOP), 2015). In essence, the HAZOP study is an important enquiry into the operations of a plant in terms of the hazards that it is vulnerable to. The study follows the basic principle that extremely complex problems should be broken down into manageable parts, which are then examined carefully so as to identify all associated hazards. The HAZOP study is concerned with four main questions: ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 27 RISK AND RISK MANAGEMENT I. What is the part that is being examined intended for? II. What are the deviations from the declared intention? III. What are the causes of the deviations? IV. What could be the consequences deviations? Put simply, each part of a process is studied to ascertain its intention. Lists are then compiled showing all possible deviations from the normal operating conditions, as well as how these deviations might arise and what their consequences might be. HAZOP studies have become popular in practice as these studies have been found to be effective in micro-risk identification (McFadden, 2019). The main advantage of the HAZOP study is that each part of a complicated system is examined in detail. Furthermore, in view of the many different skills required to conduct the study correctly, it is necessary to involve a team of people, and this in itself is advantageous. Such a team approach encourages communication and is synergetic, which is proven advantage in any risk management department. The main disadvantage is the time involved in carrying the HAZOP study. It calls for a considerable investment of time and resources. Probably the most famous example of where a HAZOP study could have been used effectively is the Flixborough disaster, which occurred in England on 1 June 1974. Some pipework in a chemical plant was undergoing alterations when its supports gave way, causing the pipework to fail and release 36 tons of cyclohexane into the atmosphere. The resulting vapour cloud ignited and 28 people were killed in the explosion. The possible consequences of these alterations could have been determined beforehand and the appropriate risk control steps taken to avoid the disaster (Appendix Case Studies, year unknown). The HAZOP study is applied to each item of equipment and is carried out by addressing standard questions or considerations to that equipment. These considerations include: What deviations could arise? How can these arise? What are the implications? ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 28 RISK AND RISK MANAGEMENT Are there any further implications? Applied to the Flixborough situation, the answers would be: The pipe could break if the supports were not adequate. Cyclohexane would escape. A massive explosion would occur. Loss of life and damage to property would be incurred. (Appendix Case Studies, year unknown). 2.10 Failure Mode and Effect Analysis (FMEA) The primary function of an FMEA study is to evaluate the frequency and consequences of component failures on the processes. This method, while, identifying risk sources, concentrates more on the effect of failure with the objective of minimising its consequences. FMEA is therefore usually applied to specific equipment. The analysis is thus primarily concerned with the evaluation of consequences of failures. The aim is to attain a fail-safe mode. The major disadvantage of this technique is that the analysis does not extend to operational procedures. Because FMEA concentrates on component failures and not on errors in operating and other procedures, it has a limited application. The method is also tedious to apply to complex installations. 2.11 Fault-Tree Analysis (FTA) FTA is not a means of identifying risk per se, but primarily a technique for analysing risk. It is consequently used only after some other type of technique or risk inspection has been carried out and a major risk or hazard has been identified. The fault tree is a diagrammatical representation of all events that may give rise to some major event. FTA concentrates on ascertaining all the possible combinations of individual failures that can lead to what is termed the top event or ultimate risk. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 29 RISK AND RISK MANAGEMENT For example, if the risk of a major toxic release (seen as the top event) has been identified by some other means, FTA can be applied to analyse the factors or combinations that could result in that top event occurring. These combinations are shown in a sequential arrangement on a fault tree that indicates the frequency or ‘probability’ of failure of each event. By estimating the individual failure probabilities and then applying the appropriate probability theory to the expressions, the probability or frequency of the top event can be determined. Sensitivity analysis can then be performed by altering the various constituent factors to gauge the effect of alterations to the system, or to bring the top event frequency to a desired design level. Pressure will rise if either the pump fails or there is an excessive input of the raw material, which is an OR gate. The relative frequency or probability of failure of each individual event is also shown, which collectively ascertains the probability of the top event occurring. One of the main advantages of FTA is that it is a structured approach to risk identification. It simplifies analysis of complex systems and traces causes and impacts. Apart from the relatively long time it takes to correctly carry out the study, it suffers from one major problem (not apparent in the other methods described): the derivation of probabilities, particularly where these probabilities are very low. If the relevant probabilities are not accurate, then the resulting calculation, particularly the measurement of the likelihood of the top event, will be suspect. The method is also subject to the criticism that the company defines an acceptable level for a failure, which often includes the death of people. 2.12 Hazard indices The hazard index is a technique that attempts to express the degree of hazard by using a number. In doing so, indices can be used to identify process areas with significant loss potential. The process involves the measurement of the likelihood of loss and the expression of the result as a number to which others can be compared and annual changes monitored. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 30 RISK AND RISK MANAGEMENT The most common method of expressing the degree of hazard is the Dow Fire and Explosion Index. This is used primarily for insurance or underwriting purposes and has been expanded to include business interruption losses. While various attempts have been made to further expand and improve it, they have met with limited success. 2.13 Safety audits The general safety audit is a commonly used to identify safety risks. In the course of the year, most industrial plants are inspected and audited by a number of people. In South Africa, it is mandatory for the safety representative of a company to inspect the workplace. Personnel safety is an extremely important aspect in the field of risk management. Various systems to ensure personnel safety have been devised, including the use of specially-designed safety audit sheets to facilitate risk identification. The safety audit sheets usually include some statutory requirements and defined objectives. One of the best known audit systems was developed and implemented by the National Occupational Safety Association (NOSA) as a management by objectives system (NOSA, 2019). 2.14 Legislation and codes of practice The implementation of established legislation and codes of practice achieves both compliance and risk control. What is not obvious is that it also serves as a means of identifying risks. In the manufacturing process, for example, risk identification techniques may not identify all the sources that could give rise to a product liability claim. Often the risk source is only identified when the defective product is returned and a claim arising out of the defective product is made. Systematic compliance with legislative and other authoritative codes of practice dealing with quality assurance will clearly mitigate the risk of defective products. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 31 RISK AND RISK MANAGEMENT Such systematic compliance covers a host of possible sources, and, through the compliance process, these sources are therefore identified and risk control measures implemented. It is clear that the same outcome is achieved in the field of occupational safety when safety legislation and codes are implemented. 2.15 Research Naturally, there are situations where risk cannot be easily identified. The intricacy of a product, for example, may mean that observation, however systematised, will fail to identify the associated risk. Under circumstances such as these, specialist research, often on an on-going basis, is required to identify and evaluate the effects of associated risk. Moreover, the complexity of situations of this type should not be underestimated, as there may be a time relationship between the circumstance and risk, and even the situation where using the product causes risk in some conditions or environments and not in others. Unfortunately, these aspects frequently indicate that research is conducted after the loss has occurred, which makes research not an identifying process, but one concerned with understanding the risk and perhaps mitigating its effects. A particular type of research involves examining loss events (accidents, insurance claims, near misses and so on). Lessons can be learnt if an event occurs. Events are thus a source of risk identification. THINK POINT Consider the approach you would adopt in attempting to identify sources/underlying causes of risk. 2.16 Risk sourcing Risk sourcing is an approach where possible sources of risks are identified and evaluated rather than the risks themselves. The purpose is to try to understand the underlying causes of risk. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 32 RISK AND RISK MANAGEMENT For example, a manufacturing company concerned about the time it takes to get a product to the market, may have to re-evaluate its business processes and suppliers, and even its distribution processes. An additional benefit of risk sourcing is that it helps managers to understand the type and availability of data that will influence (a) how the risk can be measured, and (b) the selection of risk control measures to control or eliminate the risk. 2.17 Key features of the risk-identification process In concluding this section on risk identification, the following key points can be made: It is unlikely that one particular method or technique of identification will be enough to identify all the risk exposures and address all the associated problems. It is better to use a combination of methods in order to ensure that identification is as complete as possible. Since the various methods themselves have developed in response to solving problems within particular industries, certain methods are found more useful in some industries than others. The process of identification is greatly assisted and improved by consultation with as many people outside the risk management department as possible. For example, various line managers and others in the workforce who know the organisation and who possibly have their own views on the risks that exist, particularly in their specific areas of work. Risk identification is an on-going process, and should not be regarded as an isolated or once-off exercise. It is essential that risks that have been identified are monitored and new risks highlighted. Finally, risk identification involves a certain degree of creativity. While past routines used in risk identification provide some system and rigour to the activity, no limit should be imposed on any lateral thinking about risk identification. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 33 RISK AND RISK MANAGEMENT 2.18 Summary The aim of this chapter was to provide insight into the identification and evaluation of risk. Risk identification was shown as the preparatory step to risk control and the financing of losses. In so doing, the intention was also to address the relative neglect, in the general risk management texts, of this aspect of the discipline. Since risk identification represents an integral part of the total risk management process, any holistic approach to the subject requires that these steps be understood and their role appreciated. The aim is to develop a structured and integrated process of risk management. Hence, the question of risk identification was itself viewed in a reasonably rigorous way by first describing a macro-identification process. When dealing with losses arising from damage to assets, risk identification is both important and difficult. Regarding damage to assets, all that is needed is first to identify the assets that can be damaged and then the perils to which these assets are exposed. Once it has been determined which assets are at risk, the costs of the assets can be calculated and an indication of the exposure due to loss or damage to the assets determined. It is more difficult, however, to determine the exposure for interruption losses. While consequential losses have a financial implication, it is not possible simply to examine the asset and then to determine the consequential losses. The various methodologies used in the processes of risk identification were described in this chapter. Important features of risk identification were also listed. It was stressed that the various risk identification methods must not be seen in isolation. Risk identification is a dynamic process in which it is essential that risks that have been identified are evaluated and monitored, and new risks highlighted. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 34 RISK AND RISK MANAGEMENT SELF-ASSESSMENT EXERCISE 1. Explain risk identification and its significance to risk management. 2. Differentiate between macro and micro risk identification. 3. Describe the various approaches to risk identification. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 35 RISK AND RISK MANAGEMENT CHAPTER THREE RISK EVALUATION CHAPTER OUTCOMES After working through this chapter, you should be able to: Discuss the process of risk evaluation. Identify the steps involved in risk control. Explain the concept of hedging in order to evaluate and control risk. PRESCRIBED READING Chapter 6: Valsamakis A.C., Vivian R.W., du Toit G.S. Risk Management (2016). 4th Edition. Heinemann Publishers. 3.1 Risk evaluation Interruption loss analysis lends itself to the concept of risk evaluation by means of various forms of probability analysis. This is particularly true of items such as electrical distribution works, which can be extensively analysed and which lead to the field of reliability studies and value engineering. To avoid unnecessary complexity in the evaluation, it should remembered that the exposure is time-related and that the evaluation has mainly two limits of concern. In the first instance, the evaluation is not concerned with small, short-duration breakdowns that can usually be funded by a maintenance budget. You could, therefore, comfortably work on a lower limit up to a seven-day breakdown. The other important limit is the insurance period of indemnity. This period can range from about three months to one or two years. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 36 RISK AND RISK MANAGEMENT In order to simplify the calculations, as a first approximation of the exposure, you should simply work on the basis that a certain item of machinery will be out of operation for period of, say, six months and determine the exposure on that basis. If you are reasonably sure that it is improbable that an out-of- operation period will last longer than six months, as in the case of a normal electric motor, then it is not necessary to be concerned losses of long-term items such as a loss of market share. If the procedure for selecting a fixed period of outage is not adopted, loss- distribution curves must be developed for each asset. The analysis then becomes much more complicated. Failure frequencies A number of organisations have devoted considerable effort to establish frequencies for a large range of assets. These can be used in the place of distribution curves as a first approximation in the evaluation of losses. ACTIVITY Identify and explain the risks involved in operating machinery within a manufacturing organisation. 3.2 Loss statistics of machinery breakdowns Munich Re, one of the world’s largest reinsurance companies, has done extensive work in the field of insurance claims from machinery breakdowns. Altogether, 16005 cases of damage that occurred during the period 1969-74 were evaluated. These cases were distributed among the various types of machinery as follows: ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 37 RISK AND RISK MANAGEMENT 9135 cases of damage to electrical machines 1045 cases of damage to steam generators 1215 cases of damage to fluid-flow machines 1000 cases of damage to piston machines 3610 cases of damage to mechanical handling and lifting machines. Munich Re (year unknown) Munich Re found that as the proportions of the groups of causes of damage included vary widely with the type of machines considered, the key measures necessary for successful loss prevention also vary. Once a machine has broken down, the cause of the breakdown must be identified. To a large extent, the classification system chosen is arbitrary and the causes can be classified in various ways. Munich Re has classified causes into three categories: (i) Product faults. These include all causes of damage that are the result of manufacture e.g. faults in planning and design such as deficient layout calculation, incorrect choice of materials and unsuitable geometry; faults in processing, such as incorrect heat treatment, machining errors and assembly faults; and faulty materials. (ii) Operational faults. These include causes of damage that originate during the operation of the installation, which include the loosening of components; the failure or non-response of protective devices; servicing faults; damage rising from corrosion, ageing etc. as well as causes that can be traced back to external influences such as natural forces, foreign bodies, over-voltages from the grid, and so on. (iii) Handling faults or attendance faults. These can be regarded as a subsection of operation faults. In about 95% of the damage cases, external influences did not play any part. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 38 RISK AND RISK MANAGEMENT From the above analysis, it is evident that the vast majority of machinery failures were caused by factors that could have been prevented. In designing risk control steps to prevent machinery breakdowns, generalised steps such as a relevant management system - applicable to all types of machinery – could be specified. However, once this has been done, each type of machine must be examined to plan the desired risk control steps. In other words, specific steps can be taken to prevent the breakdown of a transformer and to prevent the breakdown of a piston machine, for example. Munich Re (year unknown) 3.3 Risk control steps: Machinery breakdown The various ratios of the different types of faults can be determined by examining the breakdown statistics. Therefore, note that for electrical machines, product faults comprise some 41% of the faults, whereas operational faults comprise 59%. In terms of numbers and costs, the proportion of damage resulting from product faults is most pronounced in the case of fluid flow machines and stream boilers. It is heaviest in terms of cost in the case of electrical machines and installations, but it is relatively low in terms of numbers, indicating high repair costs per individual case of damage. With these three types of equipment, the trend of technical developments towards larger and more powerful items of equipment is particularly noticeable. For example, 50 years ago a 50 MW electrical generator was regarded as a large generator, but today, 960 MW units are routinely installed. Newly-developed components that have not been sufficiently tested in practical operations, are simultaneously installed in a large number of machines with increasing frequency. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 39 RISK AND RISK MANAGEMENT Methods of preventing damage as a result of product faults as primary cause, involve using knowledge from loss events regarding calculation, design and manufacture by way of: Close cooperation with manufacturers in special cases; Early publication of experience in specialised journals; and Open exchange of experience at conferences and seminars. In this way, an important contribution can be made towards ensuring that, with different manufacturers, damage arising from identical causes will be prevented from happening again. Purposefully inspecting and timeously replacing components that have led to damage in similar machines also helps prevent damage. The proportion of damage from operational causes, in terms of numbers and costs, is highest in the case of piston machines, followed by electrical machines and installations. In terms of installations, the high number of cases of damage with relatively low costs indicates that there are many causes and instances of fairly inexpensive types of damage. The following methods of prevention are suggested: Optimum supervision of the installation, when not only sudden, but also gradual changes in operational data (pressure and temperature, deficiencies, power input etc.) must be noted and their causes established without delay; Constant control and supervision of measuring, control and protective devices; Constant control of the condition of operational and auxiliary materials (lubricating, cooling, refrigerating media etc.); Regular servicing, maintenance and overhauls; and ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 40 RISK AND RISK MANAGEMENT Overhauls and inspections at regular intervals so that the components that have reached the end of their lives through wear, corrosion, erosion or temperature influences can be replaced before failure occurs. In terms of systematic evaluations of damage and inspections, optimum periods between inspections have been established for most machines, or reliable supervisory and control systems have been introduced to determine the best time for carrying out inspections. With regard to handling faults, most damage from faults arising from mishandling is found in a group of machines that deal with mechanical handling and lifting. However, in other groups of machines dealt with here, the cause of damage is also noteworthy. The following are suggested for loss prevention: The selection of suitably trained personnel for operating, maintaining and servicing machines; The continual training of operating personnel – especially in actions required when machines break down – through courses, lectures, literature and pamphlets. Their work should also be inspected regularly; The installation of easily-operated fitting and control elements, warning notices, and instruction plates; Operating instructions that are easy to understand; and General risk control measures for different types of machines. The key risk control points for electrical machines are the application of damage experience for calculation, design and manufacture; revisions at regular intervals, if possible; and the training of personnel. With fluid-flow machines and steam generators it is vitally important to apply damage experience in manufacturing machines as well as inspection and overhauls. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 41 RISK AND RISK MANAGEMENT It is also essential to consider the distribution of the findings of damage causes that were the result of inspections carried out on steam generators. For piston machines, the key to loss prevention is improvement of serving and maintenance, and regular inspections. With mechanical handling and lifting equipment, damage arising from handling faults occurs most often, as should be expected. Therefore, in this case, loss prevention lies primarily in training personnel by demonstrating examples of damage, as well as by pamphlets and instruction plates. In addition, everything possible must be done to reduce the proportion of handling faults by improving the way in which staff operate equipment. Planned maintenance systems. Adequate inspection and robust maintenance programmes are key to prevent loss or damage to equipment, in particular production machinery. These inspection programmes are best formalised in terms of what is known as a planned maintenance system. In such a system, the maintenance requirements of machinery are refined beforehand and then carried out in accordance with the programme. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 42 RISK AND RISK MANAGEMENT THINK POINT Who should bear the responsibility of planned maintenance programme? 3.4 Responsibility for the planned maintenance programme For a planned maintenance programme to function effectively, one person or one department needs to be responsible for it. It is equally essential that this person or department should not form part of the production department, as planned maintenance and production have different aims. In large organisations, a separate planned maintenance department should be established and responsibility for the planned maintenance programme be assigned to that department. This department should not fall under the responsibility of production management. 3.5 Work instructions Work instructions or planned maintenance cards are at the heart of a successful planned maintenance programme. There should be a separate planned maintenance card for each item of equipment or machinery. This should not be a general card, but must relate to the specific item that is being inspected. This planned maintenance card should indicate the specific maintenance work needed for that particular piece of equipment. This is identified through a detailed investigation of the types of failures and faults generally associated with that particular item. In this way, if a planned maintenance is to be carried out on an electric machine for example, the specific inspections required for that type of machine must be determined. Thereafter, the maintenance card should deal with this specific item. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 43 RISK AND RISK MANAGEMENT When determining the maintenance work required on a machine, it is necessary to consult the existing literature on the subject and particularly the insurance literature regarding the causes of failures. The major causes of failures should be investigated and the steps required to avoid any further failures should be incorporated into the planned maintenance card. It is not sufficient to simply define the project or work to be done in terms of the planned maintenance project; it is also necessary to ensure that only competent and qualified people carry out the work. The card should have spaces for comments and the signature of the person doing work to indicate that it has been done. Where applicable, the statutory requirements must be incorporated into the planned maintenance costs. 3.6 Inspection frequencies The various frequencies of inspection and other maintenance work should be determined by consulting the relevant literature, and the manufacturer’s manuals and specifications. These requirements should be incorporated into the work instructions and into the control system for the planned maintenance system. Spares policies As we have already seen, a consequential loss is time-dependent. Therefore, the more quickly machinery can be repaired to get it back in operation, the lower the loss will be. It stands to reason that the programme should not only concentrate on preventing a machine from breaking down, but should also include contingency plans for locating spares. A spares inventory should be drawn up and kept up-to-date. Where high vulnerability is detected, spare equipment should be purchased. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 44 RISK AND RISK MANAGEMENT 3.7 Risk control: Suppliers As a general rule, it is not possible for a customer to tell a supplier how to manage the own business or assets. Therefore, it is not generally acceptable for a client to tell a supplier that the planned maintenance programme is not up to standard; it is becoming acceptable in terms of quality assurance of practice for a client to inspect and evaluate suppliers’ premises. The following risk control steps can, however, be implemented in this regard: Identify key suppliers of goods, services; Identify key markets; Investigate alternative suppliers and markets; Assess the vulnerability of the supplier and market to loss of assets; and Assess the ability of the key supplier and market to recover from loss or damage to their assets. 3.8 Hedging of incidental risks A manufacturer that imports certain components is exposed to foreign exchange rate changes. These rate changes may positively or negatively influence the profit position of the manufacturer, even though foreign exchange dealings are not its main line of business. Investors associate the company with its main business risk (the end economic risk) i.e. the manufacturing of motor vehicles. Any additional risks such as foreign exchange risks, should therefore be minimised. This can be achieved by forecasting foreign exchange movements that would eliminate the risk. Since capital markets are efficient, it is virtually impossible to out-predict the market. Alternatively, these risks can be managed by rather inflexible on-balance sheet transactions, such as borrowing in the foreign currency or by moving production abroad. Hedging using derivative instruments is much more flexible and cost effective, and can be used to eliminate the impact of incidental risks such as changes in foreign exchange rates, and even price changes of commodities and financial instruments. The principle of hedging is illustrated in Figure 3. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 45 RISK AND RISK MANAGEMENT Figure 3: The Principle of Hedging 3.9 Summary This chapter described risk control responses to various identified risks. Against the background of risk identification and evaluation, risk control is concerned with the physical management of risk. The meaning of risk control and its position within the overall discipline of risk management. Risk control was established as a sub-discipline of physical risk management, which encompasses the overall process of risk identification and evaluation. In turn, physical risk management, when integrated with the activities related to financial risk management, constitutes the entire discipline of risk management. Risk control was simply defined as a method of meeting risk. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 46 RISK AND RISK MANAGEMENT The historical development of risk control, particularly in the areas of fire, explosion and industrial accidents, was sketched, followed by the general principles and objectives of risk control. The approaches to loss prevention were categorised as engineering, human, educational and enforcement approaches. Risk control programmes and codes of practice relative to South Africa were given and, under the heading of assets programmes, general assets perils were listed around which specific risk control programmes are designed. Finally, the more important acts prescribing legal risk control measures were listed. Risks can be broadly differentiated as being assets (properly)-related and liability- related. These types of risks are fundamentally different. This, together with the fact that a liability crisis is currently in evidence, dictates that with regard to risk treatment, a separate examination of this subject is called for. Hedging, was also discussed as a response to incidental risks, showing how a derivative instrument such as a forward contract can be used to hedge profits and the value of the company against movements in, for example, exchange rates. SELF-ASSESSMENT EXERCISE 1. Discuss hedging as a tool for risk control. 2. Explain the risks associated with operating machinery. 3. Define risk evaluation and demonstrate its significance to risk management. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 47 RISK AND RISK MANAGEMENT CHAPTER FOUR RISK CONTROL CHAPTER OUTCOMES After working through this chapter, you should be able to: Distinguish between risk management and risk control. Formulate the various stages within risk control. Identify legal requirements, codes of practice and standards for risk control. Explain the general requirements of insurance companies. PRESCRIBED READING Chapter 8: Valsamakis A.C., Vivian R.W., du Toit G.S. Risk Management (2016). 4th Edition. Heinemann Publishers. 4.1 Land People on neighbouring land may be affected by the activities of an industrial company and by various impairment agents. These need not be dangerous or hazardous, but may simply be a nuisance or cause discomfort, as in the case of noise and odours. While neither of these two agents poses any particular health hazard or health threat, they are causes of concern and so an audit should determine whether any problems are known to have arisen from these particular sources. Another way in which the surrounding areas can be affected is by the disharmony caused by the activities of an industrial site. It often happens that people move into the area long after an industrial site has been developed, and sooner or later pressure groups may form, aimed at having the industrial site removed. A record should thus be kept of developments in the area, and township developments in particular should be carefully monitored. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 48 RISK AND RISK MANAGEMENT 4.2 Air Air can be contaminated by activities carried out at an industrial site, and pollution agents can be dangerous to health and property. Atmospheric pollution is controlled in terms of legislation and the audit should ensure that the necessary permits and monitoring procedures are in order. The audit should then concentrate on identifying the sources or agents that pollute the atmosphere and risk control should be directed at those particular sources. 4.3 Water Water is controlled in terms of the Water Services Act No. 108 of 1997 and the National Water Act No. 36 of 1998, which have very strict provisions and stringent monitoring requirements. Again, some sort of statutory risk control programme should be implemented to ensure that the legislation requirements are met. The audit should concentrate on identifying the source of the water, its discharge point, and whether and where any contaminants are let into the water. Once it has been determined that the water is or can be contaminated, risk control steps aimed at those specific aspects of contamination should be implemented. It is important to note that contamination does not necessarily have to be chemical in nature. It could be something as innocuous as heat. Often factories draw water for cooling purposes and then return the heated water to the streams. Such heated water could be the cause of changes or damage to the ecology. 4.4 Groundwater Groundwater pollution is more serious in that it can occur without anyone being aware of it. Groundwater is also controlled by legislation and the requirements of the legislation, particularly the regulations promulgated in terms of the Water Services Act, should be met. On a large industrial site, boreholes should be sunk around the site and samples taken at regular intervals to determine whether the groundwater has been contaminated. In addition, the identification audit should be aimed at monitoring groundwater condition ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 49 RISK AND RISK MANAGEMENT if contamination is detected. The next step of the audit should be to concentrate on determining which aspects do, or could, cause the contamination of the groundwater. Sources of contamination should be identified. These include items such as dams, particularly cooling or holding dams, underground storage tanks etc. In the case of dams, contaminated water and chemicals are often pumped into the dam. As the water evaporates, the concentration of the chemicals rises and the chemicals seep into the groundwater. Eventually the contaminated groundwater could surface several kilometres away from the site. Underground tanks are another source of groundwater contamination. If there are underground tanks on site that contain chemicals, these should be identified and the type of chemicals, as well as their possible effects, should be listed. Closely-allied to underground tanks are underground pipes. Solid waste is another source of groundwater contamination. Often waste buried years earlier decomposes and seeps into the groundwater. For this reason, solid waste dumps and tips should also contain leaching points or boreholes from which water flowing from the dumps can be monitored. 4.5 Transportation Environmental impairment does not necessarily come from the site itself, but can also occur from activities conducted off-site. For this reason, it is necessary to carefully examine a company’s transportation activities. It should be determined whether the company transports any substance that could contaminate or impair the environment. If so, and if an accident occurs, the environment could be contaminated off-site. On a number of occasions in South Africa, hazardous substances that were being transported spilled from trucks, polluting rivers. 4.6 Dams Storage dams can be the source of environmental impairment, particularly to groundwater. If storage dams are used and have been identified by a risk identification programme, then steps should be taken to ensure that they are not the source of ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 50 RISK AND RISK MANAGEMENT contamination. Monitoring systems should be installed on the dam to detect or monitor any leaks. The condition of the groundwater in the vicinity of the dam should also be monitored. If a dam develops a leak, the detection system should pick this up and steps should be taken to seal the leak in such a way that further leaks will not occur. Special linings may have to be installed for this purpose. 4.7 Underground tanks Underground tanks are another possible source of groundwater pollution and could potentially be economically disastrous. In the US, Congress amended the Resource Conservation and Recovery Act I 1984 and gave the US Environmental Protection Agency broad new areas to regulate with unusually specific legislative directives. Among the new items that Congress targeted for regulation are underground storage tanks, in effect changing the way in which such tanks may be managed. The new legislation in the US specifies how tanks are to be installed and monitored. These regulations, which include the following, give a good indication of the risk control steps that should be considered with regard to underground tanks: The usage of single-wall tanks is discouraged and the construction of tanks with spill containment systems encouraged. Tanks and piping should be designed so that they can be visually inspected on a frequent basis. Tanks that cannot be visually inspected require secondary containment and alarm systems capable of rapidly detecting a leak. The main emphasis of the programme should be prevention of leaks from tanks and pipelines. Regular tank inspection and testing should be undertaken. The inspection frequency should not be less than once per year. Testing programmes should form part of the plant maintenance system. Underground or groundwater monitoring is a prerequisite for the underground storage tank programme. All new underground tanks must be installed to a recognised, approved standard of construction. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 51 RISK AND RISK MANAGEMENT A detailed tank management plan that addresses operator training, emergency procedures, and operation and inspection procedures must be drawn up and kept up-to-date. Underground tanks and pipes must have corrosion protection and make use of non-corrosive backfill materials that are installed in accordance with the requirements of a properly qualified professional engineer. This list makes it clear that the US takes the possibility of environmental impairment from underground tanks very seriously indeed. 4.8 Underground pipes These can also be the source of pollution, and detailed requirements must be drawn up for the installation of these pipes. This programme is similar to the programme for underground tanks. 4.9 Solid waste Contaminated solid waste has become a worldwide problem. In some well-published cases, ships loaded with such waste have travelled around the world in search of a country to accept the cargo. Before dumping, the type of waste should be investigated and all waste sites carefully recorded on a plan. Where possible, a properly qualified hazardous waste contractor should be appointed to dispose of this type of waste. The contractor should then take the waste to a specially designated site. When such disposal takes place, it is important to ensure that all liability passes to the contractor. The conditions of the contract should thus be examined very carefully. The location of any buried waste should be carefully recorded on site plans. Regulations promulgated for solid waste sites can be used to develop a statutory risk control programme. 4.10 Atmospheric pollution This is controlled in terms of the Atmospheric Pollution Prevention Act No. 15 of 1985, and a statutory risk control programme should be drawn up to comply with the ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 52 RISK AND RISK MANAGEMENT requirements of this Act. The necessary permits should also be obtained and permit conditions strictly adhered to. 4.11 Surface water In many instances, pollution from a site lands on the ground and is washed into a river during a rainstorm. Where this is identified as a problem, the storm water system should be set up in such a way that substances are treated before leaving the site. 4.12 Water Water pollution is also controlled by legislation and the necessary statutory risk control programmes should be drawn up in accordance with legislation. The water authorities in South Africa are very strict, but also cooperative, and if the programme is drawn up in consultation with these bodies, the legislative requirements are, as a general rule, complied with. 4.13 Fire risk control Many of those relatively closely involved in this aspect of risk control do not always realise the nature and extent of the damage caused by accidental fire and explosion. Direct property damage losses in South Africa run into hundreds of millions of rand annually. In 1997, for instance, the direct loss was estimated at R1,2 billion. This figure does not include consequential losses, which probably total three times the direct loss amount (Still and Stokes, 2016-2017). In addition to the monetary loss of property or assets, the loss of life resulting from fires and explosions must also be taken into consideration. In 1997, the number of deaths reported as directly attributable to fire was 160. However, this number actually only reflects deaths that occurred in urban areas, and figures compiled by the Department of Statistics reflect an annual average in excess of 1000 (Still and Stokes, 2016-2017). Fire also causes unemployment and loss of business opportunities. Notwithstanding insurance cover, it is estimated that more than 50% of all business that suffer a major fire never recover sufficiently to resume their business. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 53 RISK AND RISK MANAGEMENT 4.14 Legal requirements, codes of practice and standards Many aspects of fire and explosion prevention and protection are prescribed by law. The most important of these are to be found in the National Building Regulations and Building Standards Act No. 103 of 1977, the Fire Brigade Services Act No. 99 of 1987, the Mine Health and Safety Act No. 29 of 1996 and Occupational Health and Safety Act No. 85 of 1993. Other legislation also applies to a varying extent and includes, among other things, the Hazardous Substances Act No. 15 of 1973, the Explosives Act No. 15 of 2003 and local authority fire by-laws. In addition to the above, the numerous regulations pertaining to these laws also apply. Codes of practice dealing with fire risks are extremely important for risk control purposes. Another valuable source of information is the National Fire Protection Association of America. This is a comprehensive guide and it is updated annually. In South Africa, the Automatic Sprinkler Inspection Bureau (ASIB) monitors sprinklers installed in buildings on behalf of both the insured and the insurer. The ASIB also publishes and updates the rules for automatic sprinkler installations. This rulebook is a fully comprehensive document that has been developed over more than a century of fire engineering experience and is an indispensable tool for those engaged in fire risk control (ASIB, 2019). In recent times, the need for effective risk control has prompted some businesses, mainly corporate groups, to draw up tailor-made risk control standards of their own. 4.15 Requirements of insurance companies An insurance company may impose certain requirements on the insured, depending on the wording of the policy. These requirements usually apply to fire-fighting equipment and systems such as automatic sprinkler systems. It is usually a prerequisite for such equipment and systems to comply ASIB rules. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 54 RISK AND RISK MANAGEMENT In some cases, especially where hazardous materials such as liquefied petroleum gas or flammable liquids are being used, handled or stored, the insured will be required to comply with the codes of practice. The insured will, in all cases, be expected to comply with statutory requirements as they apply to the particular premises or business being conducted. These include, among others, the Occupational Health and Safety Act OHSACT and the National Building Regulations. In those rare cases where legislation is unclear or where no provision as such is made for a particular process or activity, the insurance company may determine the requirements it deems necessary. These requirements are generally not made conditions of the policy. It is of particular importance to note that once the terms of a policy have been agreed upon, any loss that may occur and that can be proved to be attributable to the non- compliance by the insured with these terms my result in the repudiation of a claim by the insurer. 4.16 Risk control Inspection programmes By far the most significant aspect of fire and explosion risk control is an adequate preventative inspection programme. No business undertaking is too small to benefit from this, and in most cases the results are extremely cost- effective in the long-term. Better insurance rates can be obtained and business interruption costs are eliminated or at least minimised. Emergency procedures The absence of a predetermined and formalised fire or emergency procedure often directly causes a fire to develop into a major loss. An almost universal necessity is that every business must have an effective plan of action in the event of a fire, explosion or other emergency. One of the prerequisites of such an action plan is that it should be simple, effective and understandable to all employees. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 55 RISK AND RISK MANAGEMENT In all businesses, an authoritative person should be tasked with the overall responsibility for risk control and also for the formulation of a fire procedure. In small operations, one person would, no doubt, carry out this task on his/her own, but in larger organisations the assistance of a nominated or elected committee is required. Depending again on the size of the business, an essential part of any fire procedure is the nomination of fire teams, team leaders, and fire wardens or marshals. In these people are vested the responsibility of initially taking charge in the event of an emergency until the arrival of the public fire service or the person holding overall responsibility. Fire-safe building design Among the many prerequisites of any building is fire safety. This can be broken down into the following aspects: Life safety Building protection Building survival 4.17 Life safety Every building should be designed so that in the event of fire, people inhabiting that building may have free and unimpeded access to safe escape routes. 4.18 Building protection Buildings should be designed and constructed in such a way that in the event of fire, the building affords the maximum protection to itself and its contents until fire-fighting operations can begin, and also during such operations. 4.19 Building survival High-value structures require that the building skeleton be capable of suffering a major fire without collapse or serious structural damage. Rehabilitation of such ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 56 RISK AND RISK MANAGEMENT a building is far less expensive than demolition and reconstruction, while business interruption costs are also minimised. Site planning and layout It is vital that fire protection be perceived as one of the priority items to be dealt with by the design team. Possible future expansion must be kept in mind. In all cases, the National Building Regulations and codes of practice must be applied. Construction methods While it is possible to construct an entirely fire-resistant building, such a structure would have no practical use. Buildings must be habitable and useful, and the resultant fire risk must be dealt with. Non-combustible materials should be used as far as is practicable. The term non-combustible does not necessarily mean that they are fire resistant. In this way, steel requires a protective covering if it is to reliably carry a load through a fire, while glass has very little or no resistance to fire. The structure itself should ideally be designed in such a way that it adds as little as possible to the ultimate fire load. Fire detection One of the most important aspects of loss prevention, is an early warning that a fire has started. Modern fire-detention systems, if properly engineered, installed and maintained, can be extremely valuable in raising the alarm at an early stage. In order to determine the type of system best suited to a particular building, it is essential to have a thorough knowledge of the nature of the risk against which it is protected. Other fire-risk control measures These include alarm systems, portable and fixed fire extinguishers, the identification of hazardous materials and fire investigations. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 57 RISK AND RISK MANAGEMENT Natural perils THINK POINT How would you define the term natural peril? Natural perils are those hazards or pure risks generally arising from natural causes, as opposed to losses brought about by human actions. This explains why damage caused by natural perils is often referred to as being the result of an Act of God. Down through the ages, natural perils have been responsible for many of the worst losses in history, and well-known examples include fire, floods, storms and earthquakes. Because of the large- scale destructive power of natural perils, the term catastrophe has come to be associated with natural perils, especially from an insurance point of view. Virtually all natural perils are insurable; in fact, modern short-term insurance practice has its origin in the need to spread the risk of losses brought about, in the main, by natural perils in the maritime industry. In the context of conventional short-term insurance there are two main types of natural perils coverage. Fire and allied perils Fire and allied perils is a popular form of insurance cover. In this context, allied perils are those historically associated with fire insurance, and against which cover is affected by adding them to a fire policy. The following are the usual allied perils: Earthquake; Explosion; Riot and strike; Malicious damage; Special perils; ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 58 RISK AND RISK MANAGEMENT Spontaneous combustion; and Sprinkler leakage. Special perils generally constitute an extension to a fire or profits policy. These special perils usually include the following: Storm, wind, water, hail or snow; Aircraft, aerial devices or articles dropped from them; and Impact by animals or road vehicles. Assets all risks In this type of policy, natural perils are covered in the property damage section. The actual perils covered are generally specified, as are those specifically excluded from the policy. Although it is impossible to prevent a natural peril from happening, there are tried-and-tested risk control techniques and measures that can reduce the loss of life and damage to property that so often characterise these perils. 4.20 Risk control techniques and measures Risk avoidance A cursory knowledge of natural perils will indicate that many of them are not evenly distributed around the world or in a particular country. While fire and lightning occur widely, earthquakes and severe storms are limited to particular parts of the world. In South Africa, for instance, damaging earthquakes are rare, and when they do occur they are generally restricted to specific areas. This characteristic of natural perils leads directly to the risk-avoidance technique of risk control. In accordance with this technique, areas prone to the occurrence of one or more perils will be avoided where possible. For example, given reasonable alternatives, it is better to avoid sites that are subject to regular river flooding or tornadoes. This is a easier to accomplish for certain perils than for others. ADVANCED DIPLOMA IN FINANCIAL MANAGEMENT 59 RISK AND RISK MANAGEMENT In many cases, the location of the premises depends on factors beyond management control e.g. thermal power stations near sources of coal, or sugar mills near cane farms. Risk elimination This technique has the same final result as risk avoidance, except that in the case of elimination, the particular risk already exists and elimination will generally req

ADIFM Risk and Risk Management PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue