Why manage the risks

Firms can benefit from financial risk management in many different ways, but perhaps the most important benefit is to protect
the firms ability to attend to its core business and achieve its strategic objectives. By making stakeholders more secure, a good
risk management policy helps encourage equity investors, creditors, managers, workers, suppliers, and customers to remain
loyal to the business. In short, the firms goodwill is strengthened in all manner of diverse and mutually reinforcing ways. This
leads to a wide variety of ancillary benefits:

The firms reputation or brand is enhanced, as the firm is seen as successful and its management is viewed as both
competent and credible.

Risk management can reduce earnings volatility, which helps to make financial statements and dividend announcements more
relevant and reliable.

Greater earnings stability also tends to reduce average tax liabilities.

Risk management can protect a firms cash flows.

Some commentators suggest that risk management may reduce the cost of capital, therefore raising the potential economic
value added for a business.

The firm is better placed to exploit opportunities (such as opportunities to invest) through an improved credit rating and more
secure access to financing.

The firm is in a stronger position to deal with merger and acquisitions issues. It is also in a stronger position to take over other
firms and to fight off hostile takeover bids

The firm has a better managed supply chain, and a more stable customer base. These benefits show that it is difficult to
separate the effects of financial risk management from the broader activities of the business. It is therefore important to ensure
that all parties within the organization recognize and understand how they might create or control financial risks. For example,
staff in the marketing department might be trained on how to reduce financial risks through their approach to pricing and
customer vetting. Similarly, buying policies can create financial risks by, for example, creating an exposure to exchange rate
movements. Consequently, it is important to establish an integrated framework for managing all financial risks.

Sources of risk

1. Interest rate Risk

2. Market Risk
3. Inflation Risk
4. Business Risk
5. Financial Risk
6. Liquidity Risk
7. Exchange rate Risk

Risk Management Strategy

provides a structured and coherent approach to identifying, assessing and managing risk. It builds in a process for
regularly updating and reviewing the assessment based on new developments or actions taken

1. Make a Plan

Every business should have a solid risk management plan. Here's a guide to putting one together.

The format can vary widely, depending on your companys needs. A risk management plan for a large, complex business could
easily run to hundreds of pages, while a small business might just have a small spreadsheet focusing on the main items.
There are a few essential items to include in a risk management plan, however. Here they are:

a list of individual risks

a rating of each risk based on likelihood and impact

an assessment of current controls

a plan of action

sample table:

Risk Likelihood Impact Risk Score

Key client XYZ Corp is late paying its invoice. 5 2 10

Loss of power for more than 24 hours. 1 3 3

Our COO Janet leaves the company. 4 4 16

A new competitor undercuts the price of our main product. 2 5 10

Scathing product review from an influential magazine/website. 3 2 6

Your full plan will of course have a lot more items, but this example at least illustrates the format.

So to complete our risk management plan, we just need to add two more columns to our table.

The first new column is an assessment of current controls. For each of the risks youve identified, what are you currently doing
to control that risk, and how effective is it?

For example, lets look at the first item on our table: Key client XYZ Corp is late paying its invoice. Maybe you are already
controlling for that risk by having automated reminders sent out when the invoice is close to its due date, and having one of
your staff members responsible for following up personally with phone calls and emails. Youd list those as existing controls on
your risk management plan.

So the next step is to consider the effectiveness of those actions. How well are things working right now? If your client almost
always pays on time, for example, then your controls are effective. But if XYZ Corp has been late with its payments two or three
times already this year, the controls are inadequate. Again, you could use a simple five-point scale here:

1. very inadequate, or non-existent

2. inadequate

3. satisfactory
 4. strong

5. very strong

Then the final element of your plan details the action you plan to take in order to manage the risk more effectively. What could
you do, either to reduce the likelihood of that event happening, or to minimize its impact when it does happen?

This last item is a little more complex, so well look at it in some more detail in the next section of this tutorial.

2. Decide How to Handle Each Risk

So at this point in the series, weve identified all the main risks in our business, prioritized them based on likelihood and impact,
and assessed the effectiveness of our current controls.

The next step is to decide what to do about each risk, so that we can manage them best. In the world of risk management, there
are four main strategies:

1. Avoid it.
2. Reduce it.

3. Transfer it.

4. Accept it.

Each strategy has its own advantages and disadvantages, and youll probably end up using all four. Sometimes it may be
necessary to avoid a risk, and other times youll want to reduce it, transfer it, or simply accept it. Lets look at what those terms
mean, and how to decide on the right classification to use for each of your own business risks.

A. Avoid the Risk

Sometimes, a risk will be so serious that you simply want to eliminate it, for example by avoiding the activity altogether, or using
a completely different approach. If a particular type of trading is very risky, you may decide its not worth the potential reward,
and abandon it.

The advantage of this strategy is that its the most effective way of dealing with a risk. By stopping the activity thats causing the
potential problems, you eliminate the chance of incurring losses. But the disadvantage is that you also lose out on any benefits
too. Risky activities can be very profitable, or perhaps have other benefits for your company. So this strategy is best used as a
last resort, when youve tried the other strategies and found that the risk level is still too high.

B. Reduce the Risk

If you dont want to abandon the activity altogether, a common approach is to reduce the risk associated with it. Take steps to
make the negative outcome less likely to occur, or to minimize its impact when it does occur.

With our earlier case, Key client XYZ Corp is late paying its invoice, for example, we could reduce the likelihood by offering an
incentive to the client to pay its bills on time. Maybe a 10% discount for early payment, and a penalty for late payment. Dealing
with late-paying customers can be tricky, and we covered it more in our tutorial on managing cash flow more efficiently, but
these are a couple of options.
In the same example, we could reduce the impact by arranging access to a short-term credit facility. That way, even if the client
does pay late, we dont run out of money. For more on short-term borrowing options like factoring and lines of credit, see our
tutorial on borrowing money to fund a business.

This is probably the most common strategy, and is appropriate for a wide range of different risks. It lets you continue with the
activity, but with measures in place to make it less dangerous. If done well, you have the best of both worlds. But the danger is
that your controls are ineffective, and you end up still suffering the loss that you feared.

c. Transfer the Risk

Were all familiar with the concept of insurance from our everyday lives, and the same applies in business. An insurance contract
is basically a transfer of risk from one party to another, with a payment in return.

When you own a home, for example, theres a big risk of losses from fire, theft, and other damage. So you can buy a home
insurance policy, and transfer that risk to the insurance company. If anything goes wrong, its the insurance company that bears
the loss, and in return for that peace of mind, you pay a premium.

When you own a business, you have the option to transfer many of your risks to an insurance company as well. You can insure
your properties and vehicles, and also take out various types of liability insurance to protect yourself from lawsuits. Well look at
insurance in more detail in the next tutorial in the series, but its a good option for dealing with risks that have a large potential
impact, as long as you can find an affordable policy.

D. Accept the Risk

As weve seen, risk management comes at a price. Avoiding a risk means constricting your companys activities and missing out
on potential benefits. Reducing a risk can involve costly new systems or cumbersome processes and controls. And transferring a
risk also has a cost, for example an insurance premium.

So in the case of minor risks, it may be best simply to accept them. Theres no sense investing in a whole new suite of expensive
software just to mitigate a risk that wouldnt have had a very big impact anyway. For the risks that received a low score for
impact and likelihood, look for a simple, low-cost solution, and if you cant find one, it may be worth simply accepting the risk
and continuing with business as usual.

The advantage of accepting a risk is pretty clear: theres no cost, and it frees up resources to focus on more serious risks. The
downside is also pretty clear: you have no controls in place. If the impact and likelihood are minor, that may be fine. But make
sure youve assessed those things correctly, so that you dont get a nasty surprise.

5. Monitor

Putting measures in place isn't enough; you also need to check whether they're working, and monitor your business on a regular
basis to identify and deal with new risks.

The starting point is the plan youve been putting together. You should now have a list of all the risks in your business, an
assessment of their likelihood and impact, an evaluation of your current controls, and an action plan for dealing with
them. Heres an example of how it could look when you put it all together (click the Risk management plan and register button
at the bottom of the page).
The danger with a document like this is that you spend lots of time preparing it initially, but then never go back and update it
later. A good risk management plan must be a living document, constantly referred to and updated to reflect new situations,
new risks, and the effectiveness of your actions.

First of all, each action you define should have a target date for completion, and a person whos primarily responsible for it. For
example, with our late-paying client, we could decide that our salesperson, Tina, will be responsible for renegotiating payment
terms with XYZ Corp. to create incentives for timely payment, and that this will be completed by March 1st.

When Tinas finished doing this, youd move that from the actions column to the current controls column. Then over the
following months, youd assess how effective the new payment terms are at reducing the risk. If theyre still not effective, you
could look at the short-term financing option to reduce the impact of the late payments.

If neither of those options work, then you could look for other alternatives. If youve tried everything and the client still pays
late, then you may decide to accept the risk if the clients business is really important to you, or you could go for the nuclear
option of eliminating the risk altogether by avoiding doing business with that client.

The situation will evolve constantly over time, as the risks change and your responses to them have their own effect. Some of
the controls you put in place may reduce the likelihood of the client paying late, making it less important to deal with. Or you
may take on so many other clients that XYZ Corp. accounts for a smaller share of your revenue, so the impact of late payment is
smaller. All of this needs to be accounted for.

Theres no hard and fast rule about how often to update your risk management plan. Large companies have whole departments
dedicated to full-time risk management, whereas in a small company the resources you can devote to it will probably be more
limited. The key is to make a commitment to update your plan regularly, whether thats on a monthly basis, quarterly, or even
annually.

One of the best approaches is to make small changes to individual items on an ongoing basis, as the changes occur, and then to
carry out a more comprehensive review of the document on a less frequent, but still regular schedule. The comprehensive
review would include going back to the steps we covered in the earlier parts of this series, brainstorming about all the risks your
business is subject to, adding new items to the list, and ranking them by importance. Then do the same with your existing risks,
noting any changes.

Cost of risk to firms

The price the company must pay to manage its risk exposures, It is typically comprise of the expected cost and direct
and indirect losses arising from Risk Retention, Loss control, Loss financing and risk reductions activities

Every facet of your organization affects your cost of risk. It is difficult, at best, to quantify all aspects of this total cost of risk. For
example, if you manufacture specialty equipment or products and you are faced with a recall, what is your loss of reputation or
market share? In contrast, other components of your total cost of risk are easily quantifiable, such as insurance premiums, or
the downtime of a custom piece of machinery and the resulting lost production.

Total cost of risk is an insurance term describing the cost of both pure and speculative risk. Additionally, cost of risk is
synonymous with price the price of your risk management program. By taking a total cost of risk approach you can positively
affect your price.
The goal then is to structure a risk management program that protects the four main asset categories of your business:
 Organization
Personnel
Property
Net income
The structure of your risk management program looks to the endgame of your price. To reach the endgame you seek, you must
first further define Risk Management into four key tenets:

Identification of exposures through analysis

Implementation of control measures to those exposures
Risk transfer or financing
Management of current and future exposures
Identification of Exposures Things to Think About
Exposures are both qualitative and quantitative. Analyses into both arenas offer the starting foundation of understanding your
current exposures to develop forward-thinking approaches. The qualitative discussion will confirm if the business initiatives are
in correlation to the risk management program.

As a CFO, you should look to confirm that your risk management approach supports your overall business objectives. What risks
or concerns do you have relative to your business i.e. what type of event would shut you down? If that concern happened, how
would your income or cash flow be affected if there were unforeseen depletions of capital or a shutdown in the plant?

A discussion on the qualitative aspects of your business provides the important details needed to solidify the most appropriate
game plan to your endgame, price.

What is your viewpoint on risk? Are you/your company risk averse? Is your company in a financial position to take on more risk
versus transferring that risk to another party or contractually to a carrier?

To help determine your risk aversion, it helps to assess your company history. For example, if you are a start-up company, cash
flow and funds are typically tight, so you are more likely to be adverse to risk to protect the financial viability of your start-up
organization.

Conversely, if your company has a 20+ year history, there are also risks, including becoming obsolete, stagnant, or too
conservative with your business plan.

Furthermore, consider your industry, market position, and competition in positioning your risk management solution to the
changing needs and direction of your business.

Quantitative analysis supports the qualitative interview. Look at the hard numbers and prior losses to identify trends in your
performance. Also analyze losses to identify a variety of variables, such as:

average incurred costs per loss

total incurred trends
top loss drivers
locations with high frequency issues
fraud behaviors
reporting lag time
 frequency vs. severity ratios
OSHA recordable performance
The results of this type of analysis will reveal opportunities to approach the critical areas driving your total cost of risk, price.
This evaluation will help to isolate the root causes of these problematic areas and look to implement control measures to
mitigate this exposure.

Implementation of Control Measures

Now that you have identified exposures you can focus the appropriate resources to areas that will deliver the highest impact on
your bottom line. Control measures should be designed from a pre-loss perspective.

An estimated 75 percent of commercial insurance expenses are claims driven. Look to control and reduce this percentage
through pre- and post-loss control measures.

A comprehensive loss control evaluation points to strengths and weaknesses in loss control programs. One may have strong
management leadership behind his or her initiatives but have no employee buy-in or participation. Create a risk reduction
culture, establish a safety committee, delivering a comprehensive employee safety education campaign. Your business
operations will determine the types of measures and approaches to take in addressing your exposures.

There are many post-loss or cost containment strategies. A proactive and effective Return to Work program is one strategy that
positively affects your bottom line: offering a bank of modified duty jobs for employees and informing the doctor there is
modified work available.

Also, establish a relationship with a local occupational medicine clinic. Interview them to learn about their services and tour
their facilities. Invite the physicians into your business to get a first-hand look and understanding of your operations. By
providing them with the details of your operations, they can accurately evaluate reported injuries to confirm if they are work
related.

Fraudulent claim behavior can drive the cost of risk out of control. The National Insurance Crime Bureau often approaches
insurance fraud rings between doctors, physicians and people. Whether its an auto accident or alleged workplace accident,
send a clear message that fraud will not be tolerated.

Anti-fraud tactics include educating employees on the effects of insurance fraud through payroll stuffers and worksite posters,
and offering safety incentives for solid performance. Also, keeping a motor vehicle accident kit in each one of your company
vehicles, along with a disposable camera, allows you to document evidence, providing a stronger subrogation results.

An active Loss Control Program and post-loss procedures are key to cost containment.

Risk Transfer/Financing
Once you have identified exposures and created control measures, you can focus on the remaining exposures to transfer and/or
finance. You will want to address questions such as: How much risk can you afford to assume in-house? How can we assist in
contractually transferring that risk to a third party? Lastly, what portion of the exposures do we want to finance through an
insurance policy?
Addressing these questions offers a direction as to how to approach the financing of your risk. Think about current cash flow
needs. Are account receivables current? If there is a lag, how long is it, and are there resources to correct it?

Considerations involve self-insured retentions if you have a mature loss control program and the financial reserves to cover
those shock losses that occur. Therefore, a combination of insurance and non-insurance strategies should be considered.

Manage Your Exposures

It is estimated that 25 percent of businesses that sustain a major catastrophe are no longer in business within a years time. If
there is an interruption in your operations, are you prepared?

In a dynamic business environment, risks and exposure change constantly. Therefore, continual monitoring of the programs in
place is essential, as well as future business expansions, will help to dictate the course of your risk management program.

We highly recommend you:

Develop a Strategic Action Plan to put the needed control measures in place, including a Disaster Recovery Plan. This involves
backing up your policies and procedures.

Offer consistent loss control policies and procedures to all divisions and departments within your organization.

Cost of Risk Resources

To develop the most appropriate risk management program for your organization, you should look to approach insurance
through a variety of insurance and non-insurance strategies, such as:

Identification processes (qualitative and quantitative)

Loss analysis tools to uncover exposures
Implementation of pre- or post-loss initiatives that address cost containment
Business continuation planning/disaster recovery
Risk financing options, retained losses or transferred
Regulatory compliance issues
As you can see, risk management and protecting your organization is not about just buying an insurance policy. It is about
developing a strategic action plan, execute on that plan, and fully commit to the monitoring and support of those initiatives.

Total cost of risk is an insurance term describing the cost of both pure and speculative risk. Additionally, cost of risk is
synonymous with price the price of your risk management program. We at Premier Risk Management take a total cost of
risk approach to positively affect your price. We dig deep to advocate for you.
This Cost of Risk, Price Control Risk Insights is not intended to be exhaustive nor should any discussion or opinions be construed
as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.

Benefits of risk reductions

Portfolio managers have several standby risk-reduction strategies they rely ondiversified asset allocation, regular rebalancing,
and the occasional market timing tacticto guard against large drawdowns. But do they really work? What are the potential
advantages and disadvantages of these strategies?

Asset allocation and rebalancing

Looking at asset allocation and rebalancing first, lets assume you started 2013 with a $100,000 portfolio, with an allocation of
60-percent stocks/40-percent bonds. At the end of the year, that would have turned into $79,434 for stocks and $39,188 for
bonds, using the S&P 500 and the Barclays Aggregate Bond indices, respectively, for a total of $118,622. Rebalancing would have
brought this to $71,173 in stocks and $47,449 in bonds.

By reallocating more than 10 percent of your stock position to bonds, you would have been less exposed to the decline in stocks
in January 2014 and more exposed to the gains in bonds. Although you would have been in a relatively superior position to
someone who had just let the gains run without rebalancing, you still would have had a relatively large exposure to losses in the
equity portion of your portfolio.

Moving average signals

If you elected to add another layer of risk protection, such as getting out if the market dropped below a moving average, your
results would depend on the level of risk you wanted to eliminatethat is, the term for the moving average you selected. Using
a 50-day moving average, for example, you might have gotten out at about 1,810 and been spared any decline after that point. If
you were using a 100- or 200-day moving average, on the other hand, you would still have been in the market and exposed to
any further losses down to that point.

On the flip side, using the 50-day moving average often results in many more moves in and out, with consequent costs and tax
implicationsand you potentially miss out on upside moves until the moving average catches up with the index. This is why
tactical strategies tend to underperform in bull markets, as they miss upside by stepping out during what turn out to be
temporary dips.

Looking at the chart below, for example, you can see that stepping out at either the 50- or 100-day moving average line anytime
from January 2013 to January 2014 would have caused several sets of transaction costs, tax implications, and potential losses of
upside, as the market continued to rise. Using these lengths as the basis of a tactical strategy would have been a loser during
the period shown.

Selecting a risk-reduction metric, whether a moving average or another tool, is therefore a balance between the risk youre
willing to take and the number of transactions or amount of activity youre willing to accept. The longer-term the metric, the
more effective downside risk youll face, but the fewer transactions and costs.

Another consideration is how often you end up reviewing the portfolio. More frequent reviews arent necessarily better. Often,
as the chart above shows, any breaks are just noise that would be ignored if you reviewed a portfolio monthly, but you would
likely end up trading if reviewing daily or weekly.

Recasting the balance between risk and return

Putting all of this into context, what this means, ideally, is that youve already reviewed the data; decided on the approach you
want to take, whether buy-and-hold or tactical; and laid out your decision rules. Looking at our hypothetical scenario, if you
decided on a tactical rule based on the 50-day moving average, you probably would already be outand just as important,
youd know when to get back in. For a longer-term indicator, you would still be in, but youd know when you should get out. By
properly testing these rules, you can remove a lot of the uncertainty from the portfolio management process and have a
reasonable idea, based on history, of the risk levels youre assumingand the costs you'll incur.

You have to remember, though, that any set of rules is fallible. For example, had the flash crash stuck, it would have hit any
tactical portfolio just as hard as a buy-and-hold one because it happened too fast. Markets could behave differently in the
future, repeatedly nudging above your metric only to retreat and drop some more.
And, of course, as we see from the chart above, the market can turn around and take off againpotentially for years at a time.
It certainly has done so throughout much of 2014. This is why market timing fell out of favor in the first place, because of
persistent underperformance to buy-and-hold strategies during a multidecade U.S. bull market.

The idea behind any of these strategies is to recast the balance between risk and return, focusing more on riskespecially in
higher-risk times, such as when valuations are high, like nowat the expense of some limited amount of return. Im not actually
recommending such strategies, as their applicability depends on the individual investors understanding and personal risk and
return preferences, but I do think theyre worth a look.

The preceding contains hypothetical examples and is for illustrative purposes only. No specific investments were used in
these examples. Actual results will vary. Asset allocation programs do not assure a profit or protect against loss in declining
markets. No program can guarantee that any objective or goal will be achieved. All indices are unmanaged and investors cannot
actually invest directly into an index. Unlike investments, indices do not incur management fees, charges, or expenses. Past
performance does not guarantee future results.