In this chapter, we set the scene by looking at what risk management is and what it is not, why do it, what it costs, and what are the risks we are talking about.
Are Any of These Eight Myths About Risk Management Keeping You From Managing Your Business Successfully?
If you have a negative view of risk management, it is probably the result of one or more of a number of wrong beliefs. Some are quite understandable, but they are all wrong. Here are the eight most popular misconceptions and why they are wrong.
Forget the myths and think about the risks which could affect your business. Then think about ways to manage them—sensibly, realistically, and profitably.
Can You Be Asking the Wrong Question?
One question I am often asked is, “What risks do you manage?” If that is the question on your mind, you are right to ask it. It is obviously not a silly question. So, how can it be wrong? When I talk to business owners and managers, they usually tell me they think they are managing their risks successfully. Most of them probably are regarding those risks they are managing. The danger to the business usually lies in the ones they are not managing at all, or only by default. It often seems that most managers either ignore certain risks or fail to take them as seriously as would be advisable, for three quite understandable reasons:
You may wish to ask yourself what types of risk are important in your business. I have written about the 12 categories of risks threatening most businesses in a later chapter. Can anyone deal with all of them? You may well ask. Nobody can be an expert in everything. What you need to do is to set up a process, so you can identify, analyze, and control the risks in and around your business. Start off on the right track, by carrying out a survey of your activities and asking questions about the ways in which the risks you observe are being managed. You might go into some of your risks in depth or you might go to someone who is an expert in a particular area. You will only find the answers once you have identified the questions. It is a cliché, but true, that if you want to get to the right answer, you have to ask the right question. Ask it.
Is Compliance a Good Thing or Merely a Necessity?
During the arguments about fire safety, following the terrible fire in the Grenfell Flats in London, the question of compliance with building regulations kept coming up. It had a sense of deja vu for me. I have so often been in discussions where the question of compliance, with one thing or another, has arisen. Now, of course, I am not going to advise anyone to fail to comply with legal requirements. However, I am concerned that people often think they are doing enough if they comply. Some regulations may be overprescriptive, but many are not. Many set out the minimum standard. All too often, people choose to ignore guidelines or advice on best practice, if these have no statutory authority.
I can remember a time when a lot of fatalities in motor accidents in the United Kingdom were the result of a car running into the back of a truck. That is because trucks are higher than cars and the rear bumper, or some part of the truck, went through the car’s windscreen, killing the driver and any front-seat passenger. A simple remedy was suggested. Attach a bar to the back of every truck at car-bumper height. Thus, the impact of a collision would be taken by the vehicle, not the driver. It was so obvious, but a lot of trucks did not acquire such bars until they were made compulsory. How many needless deaths occurred in the interim, due to the compliance mentality? You can probably think of similar examples in your industry.
The aim of risk management should not be mere compliance. It should be managing risks. Sometimes, regulations can be overprescriptive and work against the better management of risks. We just have to live with them or get someone to revise them. But do try to understand why they are there. Always ask what steps you need to take to go beyond compliance toward best practice, or the most appropriate practice for you.
Six Reasons to Bother With Risk Management Apart From Trying to Keep Down Insurance Premiums
Many businessmen think risk management is an unnecessary expense unless it can be justified by a reduction in insurance premiums. I believe that is taking far too short-term a view and that it even overlooks certain benefits that can be gained almost immediately. Insurance premiums are not the only reason, but they are an important one. Controlling insurance costs is certainly an important part of controlling the total costs of a business, and even if insurers do not offer immediate discounts for risk management, they will certainly review your premiums, hopefully downward, if you have fewer claims. Risk management may make the difference between being able to obtain certain insurances and having to bear the risk yourself. Insurers may require a larger excess or even refuse to insure your business, if they are not satisfied that you are making a sufficiently serious effort to reduce the risk. Most insurance policies include a clause requiring you to take reasonable precautions to prevent a loss occurring. This means that they can refuse to pay a claim if they believe you had failed to take measures to control the risk. Obviously, there would never be any claims if everyone took every precaution possible all the time, and there can be, and often are, arguments as to where to draw the line, but that line is there, and even the most reasonable insurer will sometimes refuse to pay a claim if it seems the client has been unwilling to make any effort to reduce the risk.
There are six other important reasons to get involved in risk management.
Think about the benefits of risk management as well as the costs and do not focus only on insurance premiums, whether you do this yourself or decide to consult an expert.
Who Is Interested in Risk Management?
I hope the answer is that you are. The main reason I like to think you are interested is that you want to be in control of your business and want to know that there is a means of dealing with whatever may happen. But, who else is interested in how you manage your risks? You may never be asked the question in a way that specifies risk management, but you might well be asked something like:
Being able to show that you have a risk management system in place would be one way of at least partially satisfying such a questioner. Another way would be to show you had had a risk survey in the recent past and had at least begun to implement the recommendations.
Who is going to ask such questions? Usually, someone providing finance for your business, but not only them:
How would you like to impress them?
Can Risk Management Help Reduce Stress?
Many people suffer from stress for various reasons. I know several people who offer to help relieve stress in different ways: massage, counseling, hypnotherapy, relaxation techniques. Risk management is seldom put in the list. Each of the aforementioned approaches (and others) can be helpful. Sometimes, you just have to try it and see. What they have in common is that they help you manage your reaction to the situation. They do not try to resolve the situation. That is at least partly because stressful people will always find something to get stressed about and partly because it is useful to be able to deal with your stress if you encounter another stressful situation. However, is there not also a need to look at the factors in your situation which give rise to your stress?
Risk management can be a big help:
Think how you can start managing stress and managing the causes of stress.
How Much Are You Spending on Risk Management and How Could You Reduce It?
It has been said that some organizations cannot afford risk management. This implies that the only cost would be the fees of a risk consultant. Let us examine all the costs of risk and how they interact. If you think you do not want to spend money on risk management, you could be surprised at how much you are already spending. Anything that reduces or controls the risk of something going wrong in your business is a risk management cost. Your aim should be to strike the right balance so as to get the best value for money from all your measures.
What Does the Total Cost of Risk Include?
The following are examples of risk control measures:
Failings in any of the aforementioned can lead to complaints or claims. The cost of these comprises:
What about insurance? Some of the aforementioned points can be offset by insurance, but this means incurring the additional cost of premiums, which also have to be taken into account in establishing the total cost of risk. The cost-effectiveness of each premium should be reviewed in relation to the cost of claims and the size of potential losses. To understand how well your money is being spent, it is necessary to look at all these elements together and to consider how each affects the others, for example, spending more on security could reduce losses through theft, or saving money on maintenance could lead to more accidents and so to more claims. Alternatively, you might find that the amount spent on some of the aforementioned measures was not justified by the reduction in losses.
What do risk management consultants do? They help you quantify and prioritize the risks and evaluate the options by bringing an independent objective view and drawing on the experience of other organizations. In evaluating the costs of the different elements of the total cost of risk, it is important to take into account the amount of management time these activities take up. It is also important to consider the amount of management time an external consultant could save, compared with doing the exercise in-house.
What Could You Save?
The table that follows provides an illustration of the hidden costs of risk in a typical small business with a turnover of about 10 million U.S. dollars. There is provision for 10,000 U.S. dollars for the cost of a risk management consultation, either internal or external, which is the smallest element in the list. Think of the potential savings if such an exercise led to even a mere 2 or 3 percent reduction in the overall costs.
Table 1.1 Illustration of the cost of risk
Item |
Cost $000’s |
Cost % |
Insurance |
200 |
40 |
Health and safety |
60 |
12 |
Security |
60 |
12 |
Inspection |
50 |
10 |
Customer care |
40 |
8 |
Human resources |
40 |
8 |
Public relations |
20 |
4 |
Internal audit |
20 |
4 |
Risk management study |
10 |
2 |
Total |
500 |
100 |
It is also worth establishing the total cost of risk as a proportion of total expenditure and noting whether this is increasing or decreasing over time. If this figure is abnormally high or low, it is probably worth carrying out further investigations. What is normal will, of course, depend on the nature of the business, but if the cost of risk is less than 1 percent of the total costs, it is likely that there are inadequate measures to protect the business from potential threats, whilst if the figure is above 5 percent, it is likely that significant savings could be made by targeting the expenditure more efficiently. Even if the proportion is a normal 2 or 3 percent, it is probably still worth reviewing the measures periodically to ensure the money is being spent to reduce the most serious risks, rather than majoring on trivia.
Are You Managing All of These 12 Risks?
Here Are the 12 Major Categories of Risk
Ask yourself how each risk mentioned as follows might apply to your business and whether you are putting your efforts into controlling the most or least important ones. If you notice that there are areas of overlap, it is because risks interact with one another. It is better to look at them together, rather than separately. They cannot be managed properly in isolation.
How Are You Managing These Eight Uninsured Risks?
You might or might not acknowledge that risk and insurance are conceptually two different things, but you could be among the large number of people who think that the issue is purely theoretical and rely on insurance as your primary means of managing the risks in your business and in your life generally. If so, you need to consider each of these eight categories of uninsured risk and consider how they apply to you. Then, think how you are going to manage them.
If you think insurance is the answer to managing risks, think again, and review the ways you are dealing with each of the mentioned types of uninsured risk, preferably before it is too late.