1.

Introduction
1.1 Introduction to Risk Management
Risk management is the identification, evaluation, and prioritization of risks (defined
in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and
economical application of resources to minimize, monitor, and control the probability or
impact of unfortunate events or to maximize the realization of opportunities.
Risks can come from various sources including uncertainty in financial markets, threats
from project failures (at any phase in design, development, production, or sustaining of
life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate
attack from an adversary, or events of uncertain or unpredictable root-cause. There are two
types of events i.e. negative events can be classified as risks while positive events are
classified as opportunities. Risk management standards have been developed by various
institutions, including the Project Management Institute, the National Institute of Standards
and Technology, actuarial societies, and ISO standards. Methods, definitions and goals
vary widely according to whether the risk management method is in the context of project
management, security, engineering, industrial processes, financial portfolios, actuarial
assessments, or public health and safety.
Strategies to manage threats (uncertainties with negative consequences) typically include
avoiding the threat, reducing the negative effect or probability of the threat, transferring all
or part of the threat to another party, and even retaining some or all of the potential or actual
consequences of a particular threat, and the opposites for opportunities (uncertain future
states with benefits).
Certain risk management standards have been criticized for having no measurable
improvement on risk, whereas the confidence in estimates and decisions seems to
increase.[1] For example, one study found that one in six IT projects were "black swans"
with gigantic overruns (cost overruns averaged 200%, and schedule overruns 70%).[4]
In ideal risk management, a prioritization process is followed whereby the risks with the
greatest loss (or impact) and the greatest probability of occurring are handled first, and
risks with lower probability of occurrence and lower loss are handled in descending order.
In practice the process of assessing overall risk can be difficult, and balancing resources
used to mitigate between risks with a high probability of occurrence but lower loss versus
a risk with high loss but lower probability of occurrence can often be mishandled.
Intangible risk management identifies a new type of a risk that has a 100% probability of
occurring but is ignored by the organization due to a lack of identification ability. For
example, when deficient knowledge is applied to a situation, a knowledge risk
materializes. Relationship risk appears when ineffective collaboration occurs. Process-
engagement risk may be an issue when ineffective operational procedures are applied.
These risks directly reduce the productivity of knowledge workers, decrease cost-
effectiveness, profitability, service, quality, reputation, brand value, and earnings quality.
Intangible risk management allows risk management to create immediate value from the
identification and reduction of risks that reduce productivity.
Opportunity cost represents a unique challenge for risk managers. It can be difficult to
determine when to put resources toward risk management and when to use those resources
elsewhere. Again, ideal risk management minimizes spending (or manpower or other
resources) and also minimizes the negative effects of risks.
Risk is defined as the possibility that an event will occur that adversely affects the
achievement of an objective. Uncertainty, therefore, is a key aspect of risk. Systems like
the Committee of Sponsoring Organizations of the Tradeway Commission Enterprise Risk
Management (COSO ERM), can assist managers in mitigating risk factors. Each company
may have different internal control components, which leads to different outcomes. For
example, the framework for ERM components includes Internal Environment, Objective
Setting, Event Identification, Risk Assessment, Risk Response, Control Activities,
Information and Communication, and Monitoring.
The Term Risk Management is “A systematic way of protecting the concern’s resources
and income against losses so that the aims of the business can be achieved without
interruption”. Thus, risk management stands for prevention and mitigation of harm. In case
of insurance, risk management is a tool or technique to design and modify insurance policy
to minimize loss.
We are studying risk management for its positive and negative effect. Risk management is
important for every organization but it has special importance in an insurance company. It
is a process by which an organization identifies the risk attached with their activities and it
is done to ensure the sustainability of benefit.
Risk management is formally defined as the process by which an organization assesses and
addresses its risks. Historically, the role of risk management has been associated with
insurance-buying, occupational safety and health, and legal liability management. In recent
years managers and physicians alike have begun to recognize that organizational risks are
pervasive, that these risks are extraordinarily diverse and complex, and that these risks are
not just confined to "insurable" or accident-related situations. They may include risks
arising from actions of regulatory bodies, third party payers, hospitals, partners, and
employees, in addition to the physiatrist's personal or business investment, management
and clinical practice. Furthermore, changing customer and patient preferences and/or
expectations make the assessment of risk an even more dynamic and continuous process.
This article describes the formal risk management process and suggests ways that
physiatrists can apply risk management to their business and clinical practice. In
developing this description, physiatrists and their office managers will learn about the
overall goals and objectives of risk management, the challenge of identifying and analyzing
risks, the tools and treatment options available, and the means by which risk management
efforts are effectively implemented.
1.2 Process of the risk management

For the operation or the process that wish to be taken risk management is the framework
for that. To advocate this perils there are five steps that are necessary to be taken in this
process; all this impression that are needed to be taken are called as the process to manage
the risks or perils that are needed to be taken care of to avoid it or to reduce the impact of
the risks.

The Process of the risk management begins with: -

1. Identification of the risks is the first part in the process of the risk management and
one of the most important part in the management of the risk as it is the base of the
process of the risk management.
2. Analyze of the risk is the second part in the process of the risk management it is
necessary to figure out or investigate the happenings in the organization in order to
know the cause of the risk.
3. The third step is the risk prioritization which means to formulate or prearrange the
risk it can also be called as estimation of risk.
4. The fourth step of the process is to treat the risk which can be done by finding the
solution to the problems.
5. The fifth and the final steps of the process is to monitor or in simple words to check
the risk and review the risk

Documentation and administration is necessary in each steps of the process in case

of the manual system

Now let’s look at how these processes are being carried out in each step in more digital
format which can be seen in the following diagram mentioned below.
Step 1: Identify the Risk

In its operating environment, the first basic step starts with the identifying of the risks that
the organization or the business is being exposed to. During the identification of the risk
we came in touch with lots of risks that are regulatory risks, environmental risks, market
risks, legal risks, and many more different types of risks. Many of these risk factors are
needed to be identified as quick as possible before the effect of this risks keep increasing
like wild fire. This risks or perils are noted down manually in the manual environment.

All this information that is being collected is being inserted directly into the system only if
the organization has a risk management solution that is being employed.

Every stakeholder in the organization would have the access to this system that is the main
advantage of these approach that these risks would be now visible to them.

In the risk management system, any person who want to have access to the information of
the identified risk can see any time since instead of this vital information being locked
away in a report which should be requested via email is free for every person to access.
Step 2: Analyze the risk

The risks are needed to be analyzed once they are being identified in the process. It is
necessary that the scope of the risk must be determined. Understanding the link between
the risk and different factors within the organization is also important to know.

It is necessary to know how many business functions the risk affects to determine the
severity and seriousness of the risk.

There are risks which will only be minor inconvenience in analyzed, while there are risks
which can bring the whole business to a standstill if actualized. This analysis must be done
manually in a risk management environment.

When a risk management solution is implemented one of the most important basic steps is
to map risks to different documents, policies, procedures, and business processes.

This means that the system will already have a mapped risk framework which will evaluate
risks and let you know the far-reaching effects of each risk.

Step 3: Evaluate or Rank the Risk

It is necessary that the risks are needed to be prioritized and ranked.

Depending on the severity of the risk most risk management solutions have different
categories of risks. Ranking of the risk is very important because it allows the organization
to gain a holistic view of the risk exposure of the whole organization. Risks that can result
into catastrophic loss are rated highest while a risk that may cause some inconvenience is
rated lowly.

The business may not be required upper management intervention as the business may be
vulnerable to several low-level risks.

On the other hand, just one of the highest rated risks is enough to require immediate
intervention.

Step 4: Treat the Risk

It is necessary that every risk is needed to be contained or eliminated as much as possible.

It is easily being done by connecting with the experts of the field to which the risk belongs
to.

This entails are contacting each and every stakeholder and then setting up meetings so
everyone can talk and discuss all such issues in case of a manual environment. The major
problem is that the discussion is being broken down into many different email threads,
across different documents and spreadsheets, and many different phone calls.

All the relevant stakeholders can be sent notifications from within the system in case of the
risk management solution. Within the organization, the discussion regarding the risk and
its possible solution can take place.

Upper management can also keep a close eye on the solutions being suggested and the
progress being made from within the system. Everyone can get updates directly from
within the risk management solution instead of everyone contacting each other’s for
updates.

Step 5: Monitor and Review the risk

Some risks are always present it is not easy to eliminate all the risks. Few of the risks that
are always being needed to monitored is Market risks and environmental risks are the two
examples you should keep an eye on. Monitoring happens through diligent employees
under the manual systems.

It is necessary to keep a close watch on all the risk factors by the professionals who keeps
a close eye on the risk factors.

The entire risk framework of the organization needs to be monitored by the risk
management system under a digital environment. It is immediately visible to everyone if
any factor or the risk starts to change. At the process of continuously monitoring of the
risks Computers are a much better source than the people.

The continuity of the business depends upon the proper monitoring of the risk.

Under a digital environment, the risk management system monitors the entire risk
framework of the organization. If any factor or risk changes, it is immediately visible to
everyone. Computers are also much better at continuously monitoring risks than people.
Monitoring risks also allows your business to ensure continuity.

1.3 Tools and Techniques of Risk Management

 Risk Appetite Risk Self- Common Risk
Risk Registers
Assessments Language
• Risk appetite • Risk • The risk • A common
is the amount assessment is registers are risk language
of risk that an the basic unit the central forms an
organization is of risk repository of important
prepared to identification risk part of the
accept, across the information. overall risk
tolerate, or be company and They basically management
exposed to at typically store the risk framework.
any point in should be and control
time performed by information
the for a process,
departments department,
themselves or entity.

Risk Appetite
The amount of risk than an organization is prepared to accept, expose or to be tolerated at
the any point of time is called as Risk appetite.
At the process of decision making Risk appetite can provide consistency.
It enables people to take well-calculated risks when opportunities arise that will improve
delivery, and conversely, to also identify when a more cautious approach should be taken
to mitigate a threat.
The CRO should ensure that the risk owners articulate their risk appetite as an effect on
capital, so that one can easily understand and monitor.

Risk Self-Assessments
Risk assessment is being considered as the basic unite of risk assessments across the
company and typically should be performed by the departments themselves though
facilitated and challenged by the risk management people.
A risk self-assessment is a very powerful tool and is based on the premise that those who
perform or facilitate a process best know their risks. These exercises can uncover
emerging risks. A risk assessment exercise done with top management for articulating the
major risks to the company is the entity-level risk assessment. Such risk assessments
should throw up the strategic risks for the company in the near and long term.
Efficacy of entity-level risk assessment lies in seeing whether there was an emerging risk
in the past that caught the management unaware. These could be vulnerable points that
require a tightening of risk assessment.
Entity-level risk assessments should be matched by risk assessments done at departments
and function levels. The structure of such risk assessments should mirror the
organizational structures. If every manager in a company, including the CxOs, have their
top risks to focus on and if these are linked to performance objectives, the tone and level
of risk management in the company would be very robust. Depending on the extent of
risk assessments, the process, transactions, and applications could also be covered by risk
assessments. Risk assessments should provide inputs for risk registers. Risk registers are
the compendium of risks and their controls. A typical risk registers (Figure 5) is a good
tool to assess the effectiveness of risk mitigation in the company. The risk registers could
be used by auditors to drive their audit planning and extent of their testing. The top-down
risks from entity-level risk assessments have some correlation with some of the down-up
risks coming from process-level assessments. For example, if attrition is one of the top
risks, some of its components can come from process-level risks, such as excessive
disciplinary action, or high reliance of a process on few skilled staff. For operational
risks, the top-down risks can usually be drilled into bottom-up risks.

Risk Registers
The risk registers are the central repository of risk information. They basically store the
risk and control information for a process, department, or entity. Typically, the risk
registers contain the risk description, risk category, risk owner, gross risk measure,
[severity (impact) and likelihood before controls], control details, and strength of the
controls (self-assessed as well as assessed by risk management), net risk measure,
[severity (impact) and likelihood after controls], action plans, and deadlines to project
target risk as impact and likelihood. Control documentation, including end-to-end process
maps, key control sheets, and procedures manuals can be attached to the risk register. Use
of colors can provide the visual triggers regarding the statuses – which of the risks need
attention. Output from the Register can be used in quantitative risk analysis for reserving
purpose, management information in the form of Top risk report and an Internal Audit
plan which can be partly driven by the identification of less strong controls within the
business.

Common Risk Language

The important part of the overall risk management framework is a common risk
language.
To facilitate an understanding of the risks facing the company helps to enable the
meaningful comparisons that are to be drawn between risk information being provided by
the risk owners. With a common risk language, the management, the risk owners, and
interested stakeholders would find it easier to fully understand or effectively
communicate the risks that the group faces. The common risk language is expressed
through the common risk framework consisting of standard risk categories, consistent
risk identification, scoring and prioritization methodologies, and a common risk-
recording mechanism.
1.4 Reasons for the Risk Management

Having a risk management plan also makes financial sense because it allows businesses
to prepare themselves financially for the most likely problems. It may also increase a
business’s appeal to lenders. In addition, risk management plans protect the company’s
resources by allowing the company to prioritize risks and plan to deal with each
possibility. This conserves important resources, allowing the company to focus on more
important tasks such as accomplishing sales goals and more.

Risk management in business can improve the company’s brand by letting employees,
customers and other businesses know that the company is responsible and resourceful.
Furthermore, risk management plans give companies a chance to gather important
information that may be useful for other purposes as well.

In business, why do we manage risk? The simple answer is, risk taking is a part of every
business, but it is important that a company knows how to deal with the impact of the
negative risks. This makes the need for risk management in business apparent. Risk
management plans help a business determine what their risks are in order to reduce their
likelihood and provide a means for better decision-making in order to avoid future risk.
The importance of risk management in business cannot be understated. Keep reading
to learn why risk management plans are an important element of successful businesses.
We’ve broken it down into the 6 most important reasons for risk management.

1. A risk management plan helps companies identify risk

It is important for a business to identify potential risks. When a business is aware of the
potential risks that are associated with their business, it is easier to take steps to avoid
them. Knowing the risks makes it possible for the managers of the business to formulate a
plan for lessening the negative impact of them. Also, once the risks are identified,
managers will be able to analyze them and make a logical decision regarding how to deal
with them. According to the Huffington Post, there are four main types of risk about
which a business needs to be aware.

 Market risk is the risk that is associated with the potential for the value of the
assets of a business to decrease in due to external factors such as interest rates,
foreign exchange rates, and commodity prices.
 Credit risk refers to the losses that occur when a debt that is owed is not paid to
the company.
 Operational risk refers to the potential of business losses that occur due to
inadequate actions or failures on the part of the business or external factors. Some
reasons for operational risk include the following:
o Internal fraud
o External fraud
o Employment practices
o Client and business practices
o Business continuity practices
 Reputational risk develops from the possibility of damage to the company’s
reputation due to both internal and external factors.

2. Having a risk management plan is fiscally prudent

Businesses that have risk management plans in place can more easily be financially
prepared when a problem arises. Often, lenders will be more willing to increase credit
limits or extend loans to companies that have a risk management plan in place.
3. A risk management plan protects a company’s resources

A risk management plan not only identifies risks, it also makes it possible for a company
to prioritizes them. This allows a company to plan for the risks and respond to them more
quickly and appropriately. This course of action saves the company time, money, and
physical resources and allows workers to spend more time working at tasks that are
related to the business.

4. A risk management plan improves a company’s brand

When a company is proactive and creates a risk management plan, it sends a positive
message about the business. Employees feel confident that they are working for a
resourceful and responsible company, and customers have assurance they are doing
business with a company that is proactive and professional. Overall, having a risk
management plan shows that a company is reputable and holds itself to a high standard.

5. A risk management plan can help a company discover reusable information

Risk management requires a collaborative effort and involves many people. The
information that is gathered and learned through the process of developing a risk
management plan can be applied to situations that arise well after the plan was
developed. Therefore, those who are impacted by the plan do not need to start from
scratch whenever an issue needs to be resolved.

6. Risk management plans and insurance

Every risk management plan that is created should include insurance as one of its
elements. Part of creating a risk management plan is determining how to reduce the
impact a risk will have on a company. Having appropriate insurance in place is one way
to help defray the effect of negative risks. Some examples of businesses insurance that is
helpful to include in a risk management plan include:

 Day spa and salon insurance can cover a salon owner in the event a client’s hair or
scalp is damaged during a processing treatment.
  Tattoo shop insurance can cover a shop owner in the event an artist makes an
irreparable mistake during a tattooing.
 Performers insurance covers a performer if an audience member is injured during
a performance
 Martial arts studio insurance protects a studio owner if a student is injured during
instruction.
 Camp insurance can protect a camp owner if anyone is injured on the camp’s
premises.

All businesses should have a risk management plan that includes insurance coverage.

1.5 Strategies for risk management

1. Reduction
Risk reduction implements small changes to reduce the weight of both risk and reward
post-event. The reduction will require some process and plan manipulation, but it will
save your company from a severe loss in the case of a high-risk manifestation.

2. Sharing
Risk sharing or transferring redistributes the burden of loss or gain over multiple parties.
This could include company members, an outsourced entity or an insurance policy.

3. Retention
Risk retention involves assuming the loss or gain, entirely. This option is best for small
risks where the losses can be easily absorbed and made up.
Are you looking for guidance through your company’s risk management
process? Quantum FBI has the solutions you need to identify and assess risks and to
apply the best solution or strategy. Reach out to us today!

4. Avoid

Avoidance eliminates the risk by removing the cause. It may lead to not doing the activity
or doing the activity in a different way. The project manager may also change or isolate
the objective that is in trouble. Some risks can be avoided by an early collection of
information, by improving communication between stakeholders or by use of expertise.
Example of this approach includes extending the schedule or changing the scope of the
project activity. Another example could be a risk which is too hazardous that it may lead
to loss of life and is avoided by shutting down the project altogether.

5.Transfer

In Risk Transfer approach, the risk is shifted to a third party. The third-party, like
insurance company or vendor, is paid to accept or handle the risk on your behalf and
hence the ownership, as well as impact of the risk, is borne by that third party. This
payment is called a risk premium. Contracts are signed to transfer the liability of risks to
the third party.
Risk Transfer does not eliminate the risk, but it reduces the direct impact of the risk on the
project. Few Transference tools are an insurance policy, performance bonds, warranties,
guarantees, etc. This approach is most effective in covering financial risk exposure.

6. Mitigation

Mitigation reduces the probability of occurrence of a risk or minimizes the impact of the
risk within acceptable limits. This approach is based on the fundamental principle that
earlier the action taken to reduce the probability or impact of a risk is more effective than
doing fixes to repair the damages after the risk occurs.
Example of mitigating a risk includes the use of advanced technology or best practices to
produce more defect-free products. Mitigation may require a prototype development to
measure the risk level. In the case where it is not possible to reduce the probability of the
risk, the risk impact reduction is targeted by identifying the linkages that determine the
risk severity.

7. Accept

Acceptance means accepting the risk, especially when no other suitable strategy is
available to eliminate the risk. Acceptance can be passive acceptance or active
acceptance.
Passive acceptance requires no other action except to document the risk and leaving the
team to deal with the risks as they occur. In an active acceptance approach, a contingency
reserve is designed to recover the losses of time, money, or resources.

8. Exploit

Exploitation increases the chances of making a positive risk happen, leading to an

opportunity. As a project manager, you assigned sufficient and efficient resources to take
advantage of this opportunity. This approach reduces the uncertainty associated with a
positive risk by ensuring that it happens.

9. Enhance
Enhancing involves increasing the probability of occurrence of the risk and expanding its
impact. This is done by identifying and influencing the various risk triggers. Example of
enhancing an opportunity includes adding more resources to project activities to finish it
earlier.

1.6 Risk Management in General Insurance

Risk management in the insurance business is a bit of a head scratcher. On the one hand,
insurance companies are selling what many people consider to be a risk mitigation. On
the other hand, insurance companies themselves face a variety of risks they need to
mitigate.
Let’s briefly consider a misconception about insurance as it pertains to risk management.
Too often, people think insurance is a sufficient, catch-all control activity. But while
insurance is a perfect way to protect a business from many risk scenarios, there are other
scenarios insurance just can’t cover. Oftentimes, insurance does not cover the core
competency of a business.

Insurance companies can “self-insure” or purchase coverage from a reinsurer, but this
doesn’t ensure all of the company’s risk is accounted for. One of an insurance company’s
core competencies is providing customer service to those who need to submit a claim. If
customers consistently have poor customer service experiences, they’re likely to share
their stories on social media, tarnish the company’s reputation, and the company will fall
behind the competition.

How Can Insurance Companies Benefit from Risk Management?

According to a recent study, the National Association of Insurance Commissioners
(NAIC), core risks in the insurance business include “underwriting, credit, market,
operational, liquidity risks, etc.” Given this wide variety of concerns, there is a
tremendous opportunity for risk management in insurance companies to make a positive
impact.

To return to the customer service example above, let’s look at how enterprise risk
management could help. Risk management involves identifying, assessing, and
mitigating risk. The beauty of a well-implemented risk management program is it’s built
on a foundation of standardized risk assessments to help companies prioritize their risk
based on its potential impact. Naturally, this process will surface risks that will impact the
business’s core competencies.

For an insurance company, customer service would inevitably come to the forefront of a
risk assessment. To address this risk, the insurance company could take steps to integrate
incident management and risk management. Most companies have a way to track
incidents like customer complaints, but many do not have a way of categorizing,
prioritizing, and escalating incidents across teams. Risk management in the insurance
business helps centralize and identify trends in the customer feedback. From there,
insurance companies can implement controls to address those trends, such as hiring more
customer service reps to resolve long wait times or implementing call-screenings to
identify less-than-helpful interactions.

Insurance industry is keen in identifying the risks pertaining to their business. The
property, interruption and liability related risks are keenly looked at by the insurers. The
risk management services like underwriting inspections or post loss inspections for
settlement claims are used by them in India. The support of public sector insurance
companies sponsored organizations like Loss Prevention Association of India (LPA),
Tariff Advisory Committee (TAC) was availed by the insurers in addition to the in-house
services of individual companies.
After the dissolution of Loss prevention Association of India and redefined roles of Tariff
Advisory Committee, the companies started looking for specialized risk management
services from private sector. The de-tariffication has necessitated the use of risk services
in the insurance companies, broking houses as well as single entity farms. In addition to
their utility for insurance underwriting business risk management (RM) consultancy
services are considered as the value addition to the clients of insurance companies. The
advent of multinational companies and realization of importance of RM services by the
clients have forced insurance companies to bring the innovative services of RM
consultancy to the Indian markets.

Types of Risks in the General Insurance

Players in the general insurance business are likely to be exposed to varieties of

financial and non-financial risks like capital risk, enterprise risk, asset liability
management risk, insurance risk, operating risk and credit risk arising out of the nature of
Business and the socio-economic environment in which they operate.

Financial risk
Insurance business basically being financial business in nature attracts financial risks in
he forms of capital structure risk, capital (in)adequacy risk, exchange rate risk, interest
ate risk, investment risk, underwriting risk, catastrophic risk, reserve risk, pricing risk,
Claims management risk, reinsurance risk, policy holders and brokers risks, claims
recovery risk and other debtors’ risk. Insurance business undertakes various plans to
manage the financial risk by adopting techniques like interest rate hedging and reserving
determined through financial modeling with the inherent ‘model risk’ given that such
financial models may fail to predict the real outcomes within an acceptable range of
error. -
Non-financial risk
Non-financial risk management has assumed greater significance in the recent years
due to
(i)the growing volume ‘of operational losses
(ii) the industry’s increasing-reliance on sophisticated financial technology with the
latter’s associated probability of failure at times
(iii) the ever-increasing pace of changes in the deregulated insurance regime and
(iv) the globalization process paving the way for the entry of global players.
In addition to these, the ‘volatility’ factor which affects the future cash inflows of the
general insurance business and consequently its value, given that ‘the value of an
insurance company is the present value of its future net cash inflows adjusted for the risks
it undertakes’ is the
other dimension of non-financial risk the insurance business is confronted with. Studies
have proved that a major source of volatility is not related to financial risks but the way
in
which the company operates. Hence the operating risk may arise either from inadequate
or failed internal processes such as employment practices, workplace safety, and
internal fraud or from external events such as external fraud and damage of physical
assets from natural disaster and other uncontrollable events.

Financial and non-financial risks affecting general insurance business in

India
 Risk Factors

Non Financial
Financial Risk
Risk

Capital Risk
Enterprise Risk
Capital Structure Risk
Reputation Risk
Capital Adequacy Risk
Parent Risk
Competitor Risk
Asset Liablility Manaement
Risk
Exchange Rate Risk
Interest Rate Risk Operational Risk
Investment Risk » Regulatory risk
♦ Business continuity risk
Insurance Risk ♦ IT Obsolescence risk
Underwriting Risk ♦ Process risk
Catastrophic Risk ♦ Regulatory compliance
Reserve Risk risk
Pricing Risk ♦ Out sourcing risk
Claims Management Risk

Credit Risk
Reinsurance Risk
Policyholder Risk
Brokers Risk
Claims recovery risk

Pure Risk and Speculative Risks

 Pure risks are those risks where the outcome shall result in loss only or at best a break-
even situation. We cannot think about a gain-gain situation.

The result is always unfavorable, or maybe the same situation (as existed before the
event) has remained without giving birth to a profit (or loss).

As opposed to this, speculative risks are those risks where there is the possibility of gain
or profit. At least the intent is to make a profit and no loss (although loss might ensue).

Investing in shares may be a good example. Pricing, marketing, forecasting, credit sale,
etc. are yet examples falling within the domain of speculation.

Consider another example where we can have the existence of both pure risks and
speculative risks. A garment factory may be in our minds. Here we have:

 Cyclone damage possibility to the factory building,

 Fire damage possibility to stock,

 Machinery breakdown possibility to Machinery,

 Theft possibility to removable items,

 Personal accident possibility of factory workers etc.

Also, we have:

 the question of pricing of the product to remain in the competitive market,

 the question of fashion changes leading to a drastic fall in the demand of the product,

 the question of withdrawal of quota system,

 the question of credit sale

The students should appreciate that in the first set of examples we are indeed talking
about the possibility of certain losses emanating from certain untoward events or
unforeseen contingencies (like a cyclone, fire, theft, accident, etc.) and for convenience
we shall call them the risks of trade.

These are identified as pure risks and as such insurable. Notice that these losses can also
be measured in monetary terms.

As opposed to this, if we refer to the second set of examples we notice that the outcome
of the trade or business is not the result of pure risks but indeed the result of economic
 factors, supply & demand, change of fashion, trade restriction or liberalization, etc. and
for convenience we call them trade risks.

These may be identified as speculative risks and usually not insurable.

Fundamental Risk and Particular Risks

Now coming to the last stage of classification of risk we may consider the subject from
the viewpoint of the cause of risk and its effect. We call such classifications as
fundamental risks and particular risks.

Fundamental risks are the risks mostly emanating from nature. These are the risks that
arise from causes that are beyond the control of an individual or group of individuals.

The losses arising out of such causes may be catastrophic in dimension and felt by a huge
number of populations, the society or by the state although an individual may be a part of
that catastrophe. The common examples are:

 Flood & Cyclone, Subsidence & landslip,

 Earthquake & volcanic eruption, Tsunami,

 The convulsion of nature and other natural disasters,

 Famine, Draught

We may also add in the list perils like war, terrorism, riots & other political activities
which are neither created by nature nor by an individual but resulting in colossal losses.

But one thing is certain which are this that all such perils are impersonal not being caused
or contributed by an individual or even a group of individuals.

Normally fundamental risks were not supposed to be insurable because of the magnitude
and these were considered to be the responsibility of State. Now because of demand and
insurers’ strength, these risks are easily insurable.

Particular risks are; as opposed to what has been narrated hereinbefore, there are risks
which usually arise from actions of individuals or even group of individuals.

These may be identified as causes arising from personal (or group) behavior and effects
(losses) not being of that magnitude.

These are mostly men created because of their negligence, error in judgment,
carelessness, and disregard for law or respect.
 We may even go onto suggesting that these are indeed the cases (both cause and effect)
where there has been an omission to do something which should have been done or there
has been done something which should not have been done.

We may call these as risks of personal nature. The common examples are:

 Fire, Explosion,

 Burglary, housebreaking, larceny, and theft,

 Stranding, Sinking, Capsizing, Collision in case of a ship, including cargo loss,

 Machinery breakdown and deterioration of stock due to machinery breakdown,

 Motor accidents including death and bodily injuries, Industrial accidents,

 The collapse of bridges, Derailments.

Particular risks are insurable risks and most of the insurances relate to these risks.

However, the students should appreciate that risk is a dynamic concept and may be
modified because of the ever-changing situation.

So it may not be unlikely that risk under one classification is changing its character and
identifying itself under another classification.

Levels of Risk in Insurance

Having identified the risk, the question of its frequency or magnitude would be very
much relevant in insurance.

Consider a factory by the bank of a river causing regular floods and consider another
factory near the same river but situated uphill.

Is the risk of flood damage the same for both the factories?

Simple common sense would dictate that the risk of the flood would be more concerning
the first factory (by the bank of the river) as opposed to the second factory (uphill).

To take yet another example to consider a house in a comfortable residential area near to
a fire brigade office and another house in a very crowdy locality surrounded by lanes and
alley bounds and far from any fire brigade office.

Related: Six Principles of Fire Insurance Policies

Certainly, the possibility of a fire loss would be far higher in the second house as opposed
to the first house.

What we are indeed suggesting here is that in the study of risk we are not simply to
contend with the uncertainty as to causation of an event, we should also know the
behavioral pattern or risk frequency and its severity as well.

Extend the example of the house by another hypothesis which gives value to the houses.
The first house in the posh area values $1 million whilst the second house in the crowdy
area values $100K.

Now our imagination is a bit changed because we shall have to bring the severity of loss
into our scenario. Because it is the magnitude of the cost of a loss also which is of
concern to insurers.

Frequency & Severity

As has been indicated in the extended example above, an insurer and risk bearer no doubt
we are interested in loss (event) frequency, but at the same time, we are also interested in
the severity (cost) of loss.

This is so because ultimately we shall have to pay a loss and our premium generation
should be such that would enable us to pay all such claims insured.

Therefore, a correlation is to be established between frequency and severity.

Is it that the more frequent the events are the more is the cost or severity?

This necessarily follows that a distinction is to be drawn between these two.

If we now go through the extended example again can we possibly visualize that although
the possibility (frequency) of fire in the house situated at the crowdy fire-prone locality is
higher as opposed to the house situated at posh area but the severity of loss, should there
be a fire engulfing the house of the posh area, will be much more in comparison to the
house of the crowdy area simply because of the higher value involved?

Having said these, when we go for measuring a risk that is necessarily required from the
viewpoint of both insurer and the insured we start realizing that a distinction between
frequency and severity of risk assumes importance.

This helps the insured to decide whether to go for insurance or not.

Similarly, it helps the insurer to decide as to what premium would be reason enough to
cover loss payment and other incidental expenses, such as, administrative cost, dividend,
etc.
Related: 15 Types of Fire Insurance Policies

Let us recall our previous understanding of uncertainty and lack of knowledge about
future causation of an event.

The more and more an event occurs our knowledge about future causation of the same
event increases and our uncertainty gradually diminishes giving way to certainty.

When uncertainty turns into certainty our prediction about the future becomes stronger
and stronger and our forecast for the future becomes more and more accurate.

This is what an insurer’s objective is and when this point is struck we sit on the driving
seat and take the control of forecasting future events as masters thereof.

Going back to the issue of frequency and severity, if a person finds from experience that
in his trade or profession the frequency as to the causation of an event is quite high with
low cost or severity he might consider retaining the risk of loss on his shoulder.

Related: Fire Insurance: Definition, Functions, Importance (Explained)

On the other hand, if it is found that the frequency as to the causation of an event is rather
substantially low with high severity and cost he may transfer the risk to insurers.

Clandestine thefts in private dwelling houses may be one example of high-frequency

losses with low cost or severity. Shipping risks, Aviation risks, Petrochemical risks, etc.

Maybe examples of low-frequency losses with commendable severity and costs involved.

Following diagrams demonstrate this:

Here the verticle axis represents the frequency of loss event and the horizontal axis
represents the severity (cost) of loss.

In private dwelling houses, the incidence of theft is quite high, but the losses are all small
clandestine thefts.

What is demonstrated here is this that as the number of incidence or frequency goes up
the severity comes down and as the frequency comes down the severity increases.

This position is also supported by a well-known study referred to as Heinrich Triangle.

This was done about industrial injury cases which revealed that the number of major
bodily injuries to workmen emanating from industrial accidents is much less as opposed
to minor bodily injuries or no injuries at all.

The study was made of workers employed in various industries. The object was to find
out the number of bodily injuries arising out of industrial accidents and their severity.

The study revealed that for each major injury there were relatively 30 minor injuries and
in 300 incidents there was no injury at all:

This is the normal behavioral pattern of most of the risks.

However, a typical scenario may emerge in rare cases where with the increase in
frequency the severity also increases as demonstrated in the following diagram:
Here as the frequency becomes higher and higher the severity also goes higher and
higher. These are normally very high valued risks such as Petro-chemical, Aeroplanes,
and Ships, etc.

To complete the study of the meaning of risk and understanding of peril and hazard is
important.

Case Study

Background
At about 6:30 p.m. on Wednesday, July 23, 2014, a patron was leaving a pub
in southeastern Wisconsin. Intending to pull straight out of his parking stall,
he accidently put his vehicle into reverse and accelerated, backing into the
building and caving in the wall. Meanwhile, inside the pub, an employee
was serving drinks from behind the bar, which is near a cooking area with a
broaster. Suddenly, scalding hot grease erupted from the broaster, splashing
everything nearby. The vehicle had hit the wall that contained the cooking
equipment, causing serious injuries to the pub employee and significant
damage to the building.

Situation
On Thursday, July 24, 2014, Society Insurance received notice of an incident
at a policyholder pub in southeastern Wisconsin. Since there were both
employee injuries and property damage associated with this incident, a
specialist from Society’s workers compensation claims team along with a
dedicated representative from Society’s property claims team were quickly
on the case. Care for the injured employee was a top priority, as well as
getting the pub reopened and back to business.
Society InsuranceSolution
Employee Injury & Workers Compensation
All the bartender remembered of the actual incident was what he described as
an explosion and hot grease in the air. He received second and third degree
burns over 20 percent of his body. Surgery was required and the healing
period lasted for a year. Since this was a work-related injury, Society paid the
employee for the time he missed from work, compensation for some resulting
permanent disability, and over $200,000 for necessary medical treatment.

Recovery
The employee retained an attorney to pursue a third-party liability claim
against the driver and his insurance company. Society’s knowledgeable
claims adjuster recognized the opportunity to retain counsel to protect
Society’s statutory right to reimbursement, applicable in this workers
compensation claim.

In 2016, the third-party claim was settled for $1.1 million. The
proceeds were distributed according to the distribution formula outlined
in state statutes. The settlement was large enough that Society was able to
recoup 100 percent of the loss payments in this claim, over $207,000. In
addition, the settlement was sufficient to also fund a cushion from which
any future medical treatment would be paid if that became necessary.

This large claim could have adversely affected this Society Insurance
policyholder since workers compensation premiums are affected by the
number and value of claims experienced by the employer. In this case,
however, the responsible party – the driver – ended up covering this loss so
the pub’s insurance premium will be unaffected by this claim.
Property Damage
Society’s experienced claims representative immediately contacted a building
restoration company who subsequently hired a professional engineer to monitor the
repair work for structural and safety purposes. The restoration company took the lead by
contacting subcontractors in an effort to gather estimates for repairs. Temporary repairs
were done immediately, which included bracing the damaged wall and removing loose
siding. The ambitious goal was met to get the pub back up and running by dinner time
on Friday, July 25, to avoid long-term loss of business income and reputational damage.

AN EXPERIENCED
SOCIETY INSURANCE CLAIMS SPECIALIST
TOOK CARE OF THE REPAIR DETAILS
Restoration
While the pub focused on getting back to business, Society’s experienced
claims specialist took care of the details associated with finalizing repairs –
including availability of unique construction materials, consideration of
cooking equipment repairs or replacement, and building code upgrades.
Once the final estimate and subcontractor

bids were ready, Society worked with a building consultant to audit the
prices and make sure that they were appropriate for the project. With
Society’s focus on minimizing downtime, the pub was only required to
close for two additional days in November 2014 to complete the final
repairs.

Subrogation

The pub was responsible for a $1,000 deductible on this claim, while Society paid nearly
$170,000 for building, contents, and code upgrades.
This large claim had the potential to adversely affect
this pub, and other policyholders, but Society’s
experienced team was responsible for recovering 87
 percent of the total damages through subrogation. The
driver involved in this accident had valid personal
auto and umbrella policies, which were responsible for
reimbursement to Society in 2016.

What is Subrogation?
Subrogation occurs when an insurance company which pays its insured customer for injuries and
losses then legally pursues a third party which caused the damages.

Summary
When an unexpected situation interrupts your ability to conduct business,
Society is ready to bring speed and skill to the claims process. This
includes thorough investigation, the best possible care for your employees,
quick restoration, and paying what is rightfully owed. You can feel
confident knowing that your business and your employees are protected by
Society Insurance.