Unit 1 rmi

Unit-1
Introduction to Risk Management and Risk Identification
Risk
Risk is virtually anything that threatens or limits the ability of a community or nonprofit
organization to achieve its mission.
It can be unexpected and unpredictable events such as destruction of a building, the wiping of all
your computer files, loss of funds through theft or an injury to a member or visitor who trips on a
slippery floor and decides to sue. Any of these or a million other things can happen, and if they
do they have the potential to damage your organization, cost you money, or in a worst case
scenario, cause your organization to close.
Risk management
Risk management is a process of thinking systematically about all possible risks, problems or
disasters before they happen and setting up procedures that will avoid the risk, or minimise its
impact, or cope with its impact. It is basically setting up a process where you can identify the risk
and set up a strategy to control or deal with it.
It is also about making a realistic evaluation of the true level of risk. The chance of a tidal wave
taking out your annual beach picnic is fairly slim. The chance of your group's bus being involved
in a road accident is a bit more pressing.
Uncertainty
Situation where the current state of knowledge is such that the order or nature of things is
unknown, the consequences, extent, or magnitude of circumstances, conditions, or events is
unpredictable
Types of Risk:
There are two different types of risk: systematic risk and unsystematic risk.
Systematic risk is volatility caused by factors in the economic system that affect all investments
resulting in either losses or gains. For example, the risk of higher oil prices is a systematic risk
factor. Higher oil prices affect transportation costs, which in turn, affects the price of almost
everything else in the economy. Higher oil prices result in losses for car rental firms, trucking
firms, shipping firms, and airlines. They cause higher prices for food (all of which is transported
from where it is grown to where it is sold to consumers), and raw materials for manufacturers
which leads to higher prices for finished goods. Since consumers must pay higher prices for
fuel, they have less money to spend on other consumer items which produces losses for firms
supplying these products. Since higher oil prices raise the prices of everything else, and since
consumption drives about 66% of the U.S. GDP, higher oil prices causes the entire economy to
slow down.
Systematic risk goes by three other names: undiversifiable risk, portfolio risk and market risk.
The other type of risk associated with investing is called unsystematic risk.

Unsystematic risk has two other names: firm-specific risk and diversifiable risk.
Unsystematic risk is the variability of returns (risk) caused by factors associated with a
particular firm. Examples include the risk of bad or fraudulent management, the risk of a plant
fire, a labor strike, or a lawsuit. These risk factors are not likely to be present in all the firms in a
portfolio at the same time. Some firms will have them and some won’t. An investor holding a
well-diversified portfolio (investments in firms in different industries and locations) will not be
concerned with unsystematic risk. For example, consider the quality of management. Some of
the firms in a portfolio will have good managers and some will have poor managers. The net
effect on the return of the portfolio will be nil. In effect, investors can diversify away the risk
posed by bad managers. The same is true for the other factors causing unsystematic risk.
Economic
Economic
– These risks occur from changes in overall business conditions.
This can include:
regulations
Natural Risks
Natural risks are result from natural disasters or disruptions
Human Risks
These are caused by human mistakes and errors, as well as the unpredictability of customers,
employees, or the work environment
This could include:

Burden & Sources of Risk
-related risks and Financing risks.
Methods to Handle Business Risks
For each risk you have identified, there will be one or more strategies or courses of action
available to you. The main strategies that you will be working with are as follows:
a. Avoidance
b. Risk Control
c. Risk Transfer
d. Loss Reduction
e. Segregation of Exposures (Spread of Risk)
f. Duplication of Resources
g. Self-Retention
(a) Avoidance
This is the most effective risk management strategy in that, by avoiding an activity or risk, any
chance of a loss is eliminated. While it is the most effective strategy, it is also not always the
most practical choice, as every part of a school operation has some level of risk, and avoiding all
risk would mean a school (or society) could not function.
The key with Avoidance is to use it for situations where:
Risk category);
is not necessary to fulfill educational goals;
1, then an
informed decision can be made as to whether a risk should be avoided.
(b) Risk Control
This is the process of actually managing the risk – taking proactive steps to reduce the identified
risks where possible and putting steps, rules or procedures in place to minimize the residual risk
to reduce the chance of a loss or the severity of such a loss. Classic examples of risk control are
things like using protective gear for sports activities, setting rules, and of course, supervising to
ensure rules are enforced.

Risk Control is the most widely used strategy, as, when combined with the other strategies, it
enables activities or operations to take place with best safety practices or policies/procedures in
effect that address the various elements of risk inherent in the activity or process.
In effect, Risk Control enables calculated, informed risk taking to occur where the benefits of
proceeding with an activity outweigh the much-reduced risks that are present.
(c) Risk Transfer
This is the proactive process of transferring unwanted risk away from your organization to
another person or organization. Risk can be transferred to another party as follows:
Liability):
Transfer), or through a conventional insurance policy.
l situations where this strategy is effective:
an uncertain risk (will I have a million dollar loss?);
imposed by civil law for
Occupier’s Liability, Joint and Several Liability and Employer’s Vicarious Liability;
Certificates of Insurance)
pendent contractor is performing work on your behalf. (See
Certificates of Insurance)
(d) Loss Reduction
This is a “post-loss” strategy that is essentially a response plan that addresses what will be done
if a loss does occur. An effective Loss Reduction strategy can effectively reduce the impact of a
loss and can make the difference between an inconvenience and a catastrophe.
Fire Drills and Emergency Response Plans are examples of Loss Reduction strategies.
(e) Segregation of Exposures
In essence, this strategy follows the adage “don’t put all your eggs in one basket”. By spreading
your exposure to loss across different locations or by isolating certain risks, the chance of a total
loss is significantly reduced.
Some typical examples of segregation of exposures in a school environment include, but are not
limited to:
-proof cabinets for storing flammable liquids;
- Using female supervisors for female students and male supervisors
for male students;
regarding cash receipts and cash disbursements and audit functions;

-up medium stored off-site.
(f) Duplication of Resources
This strategy involves maintaining back-up facilities or having a contingency plan in place in
case an unexpected situation interrupts the normal flow of operations. While this strategy can
involve maintaining an expensive infrastructure, it is an important strategy to consider for certain
critical operations for your school board.
Some applications of this strategy include, but are not limited to:
hool excursions or activities to
provide back-up in case of distraction, illness, injury or other emergency;
– back-up computer data and access to alternate computer equipment that
can be used to run the board’s computer systems (see also “Segregation of Exposures”).
fuel oil, maintenance contractors, etc.)
or by
utilizing existing schools that are not in use. For example, if a fire destroyed a high school,
where would the students be sent?
(g) Self-Retention
This strategy is applied to manage risks that are either uninsurable due to high risk factors, or for
small, infrequent losses that can be better managed internally than by claiming through an
insurance policy (e.g. deductible level on a property insurance policy).
Most school boards do not have many uninsurable high risks that are essential to their business
operations (see Avoidance), so the Self-Retention strategy is most commonly applied to
supplement conventional insurance policy contracts by carrying a deductible. In return for
taking a share of the small losses by way of a “deductible”, school boards are able to achieve
reduced premiums on their main property insurance coverage, saving the insurance policy for
catastrophic losses, while funding the small losses internally.
Degree of risk
Extent or level of uncertainty in a given situation the likelihood of the actual result being
different from the estimated result. See also law of large numbers, odds, and probability.
Management of risk
Risk management is the identification, assessment, and prioritization of risks (defined in ISO
31000 as the effect of uncertainty on objectives) followed by coordinated and economical
application of resources to minimize, monitor, and control the probability and/or impact of
unfortunate events.
Introduction
This Business Risk Exposure (BRE) Tool forms part of a broader Strategic Asset Management
program developed by WERF, in association with the Water Research Foundation, United

Kingdom Water Industry Research (UKWIR), and the Global Water Research Coalition
(GWRC). The web based Tool has been developed to assist asset managers in decision making
based on performing a systematic assessment of the level of business risk exposure a Utility
faces from potential failures of its water and/or wastewater assets.
Business Risk Exposure
Business Risk Exposure (BRE) is a method of calculating (scoring) the nature and level of
exposure that an organization is likely to confront through a potential failure of a specified asset
or group of assets. Business Risk Exposure is derived by assessing both likelihood of failure
(what is the likelihood or probability that a predicted failure may actually occur?) and the
consequence of failure attributable to an asset should it fail (what are the implications or cost to
the utility and the community if an asset fails?).
Expressed mathematically, BRE is the product of the Consequence and Likelihood of a possible
failure, adjusted for risk mitigation measures currently in place and those that could be put in
place. Risk mitigation measures are those practices applied to an asset on a case by case basis to
either reduce either the likelihood of failure or the consequence of failure.
Figure 1 is a schematic representation of the key variables of business risk exposure.
Figure 1: Schematic of Business Risk Exposure Framework
Likelihood of Failure - from a risk standpoint is the expected possibility of failure occurring
based on history or known performance of the particular asset.
Consequence of Failure – is the outcome of an asset failure expressed either qualitatively or
quantitatively, being a loss, injury, or disadvantage from a social, economic and environmental
or regulatory standpoint.
Analysis and Evaluation of Risk Exposure - Business Related Risk Exposures
Commercial general liability, commonly thought of as the "slip and fall" coverage, insures a

business against accidents and injury that might happen on or away from its premises, as well as
certain exposures relating to the carrying out of its business operations.
It protects the business owner from payments for bodily injury or property damage to a third
party, for medical expenses accruing to the underlying incident, for the cost of defending
lawsuits including investigations and settlements, and for any bonds or judgments required
during an appeal procedure.
Home-Business Liability
With so many people now working out of their homes, it's worth noting that the liability
coverage on your homeowner's policy may not apply if a customer or messenger is injured on
your property. And since a standard homeowner's policy comes with only a limited amount of
coverage for business equipment, usually up to $2500, those who work at home should consider
supplementing their insurance.
Business risk exposures to consider:
1) General Liability
2) Errors and Omissions
3) Director & Officer protection
4) Business Overhead expenses
5) Employee Group Benefit plans
Some might argue that employee group benefit plans are not necessarily a risk exposure. But
picture this: Suppose its common practice in your industry for a business to offer health/dental
insurance as well as 401k participation to its employees. If a firm within that industry has taken
the position that they are not going to provide these benefits to employees, the firm has now
exposed themselves to the recruitment risk of competitor firms bidding for their top employees
with more attractive compensation & benefits packages.
Coverage of these business risks will be discussed in more detail in the chapter that follows.
Individual Exposures, Exposures of Financial Assets -Exposures of Human Assets
Types of Risks—Risk Exposures
Most risk professionals define risk in terms of an expected deviation of an occurrence from what
they expect—also known as anticipated variability. In common English language, many people
continue to use the word “risk” as a noun to describe the enterprise, property, person, or activity
that will be exposed to losses. In contrast, most insurance industry contracts and education and
training materials use the term exposure to describe the enterprise, property, person, or activity
facing a potential loss. So a house built on the coast near Galveston, Texas, is called an
“exposure unit” for the potentiality of loss due to a hurricane. Throughout this text, we will use
the terms “exposure” and “risk” to note those units that are exposed to losses.
Pure versus Speculative Risk Exposures
Some people say that Eskimos have a dozen or so words to name or describe snow. Likewise,
professional people who study risk use several words to designate what others intuitively and

popularly know as “risk.” Professionals note several different ideas for risk, depending on the
particular aspect of the “consequences of uncertainty” that they wish to consider. Using different
terminology to describe different aspects of risk allows risk professionals to reduce any
confusion that might arise as they discuss risks.
As we noted in Table 1.2 "Examples of Pure versus Speculative Risk Exposures", risk
professionals often differentiate between pure risk that features some chance of loss and no
chance of gain (e.g., fire risk, flood risk, etc.) and those they refer to as speculative
risk. Speculative risks feature a chance to either gain or lose (including investment risk,
reputational risk, strategic risk, etc.). This distinction fits well into Figure 1.3 "Roles (Objectives)
Underlying the Definition of Risk". The right-hand side focuses on speculative risk. The lefthand
side represents pure risk. Risk professionals find this distinction useful to differentiate
between types of risk.
Some risks can be transferred to a third party—like an insurance company. These third parties
can provide a useful “risk management solution.” Some situations, on the other hand, require risk
transfers that use capital markets, known as hedging or securitizations. Hedging refers to
activities that are taken to reduce or eliminate risks. Securitization is the packaging and
transferring of insurance risks to the capital markets through the issuance of a financial security.
We explain such risk retention. In essence it is self-insuring against adverse contingencies out of
its own cash flows. For example, firms might prefer to capture up-side return potential at the
same time that they mitigate while mitigating the downside loss potential.
In the business environment, when evaluating the expected financial returns from the
introduction of a new product (which represents speculative risk), other issues concerning
product liability must be considered. Product liability refers to the possibility that a manufacturer
may be liable for harm caused by use of its product, even if the manufacturer was reasonable in
producing it.
Table 1.2 "Examples of Pure versus Speculative Risk Exposures" provides examples of the pure
versus speculative risks dichotomy as a way to cross classify risks. The examples provided
in Table 1.2 "Examples of Pure versus Speculative Risk Exposures" are not always a perfect fit
into the pure versus speculative risk dichotomy since each exposure might be regarded in
alternative ways. Operational risks, for example, can be regarded as operations that can cause
only loss or operations that can provide also gain. However, if it is more specifically defined, the
risks can be more clearly categorized.
The simultaneous consideration of pure and speculative risks within the objectives continuum
of Figure 1.3 "Roles (Objectives) Underlying the Definition of Risk"is an approach to managing
risk, which is known as enterprise risk management (ERM). ERM is one of today’s key risk
management approaches. It considers all risks simultaneously and manages risk in a holistic or
enterprise-wide (and risk-wide) context. ERM was listed by the Harvard Business Review as one
of the key breakthrough areas in their 2004 evaluation of strategic management approaches by

top management. In today’s environment, identifying, evaluating, and mitigating all risks
confronted by the entity is a key focus. Firms that are evaluated by credit rating organizations
such as Moody’s or Standard & Poor’s are required to show their activities in the areas of
enterprise risk management. As you will see in later chapters, the risk manager in businesses is
no longer buried in the tranches of the enterprise. Risk managers are part of the executive team
and are essential to achieving the main objectives of the enterprise. A picture of the enterprise
risk map of life insurers is shown later in Figure 1.5 "A Photo of Galveston Island after
Hurricane Ike".
Table 1.2 Examples of Pure versus Speculative Risk Exposures
Pure Risk—Loss or No Loss Only Speculative Risk—Possible
Gains or Losses
Physical damage risk to property (at the
enterprise level) such
as caused by fire, flood, weather damage
Market risks: interest risk,
foreign exchange risk, stock
market risk
Liability risk exposure (such as products
liability, premise
liability, employment practice liability)
Reputational risk
Innovational or technical obsolescence risk Brand risk
Operational risk: mistakes in process or
procedure that cause
losses
Credit risk (at the individual
enterprise level)
Mortality and morbidity risk at the individual
level
Product success risk
Intellectual property violation risks Public relation risk
Environmental risks: water, air, hazardous-
chemical, and other
Population changes
Pure Risk—Loss or No Loss Only Speculative Risk—Possible
Gains or Losses
pollution; depletion of resources; irreversible
destruction of
food chains
Natural disaster damage: floods, earthquakes,
windstorms
Market for the product risk
Man-made destructive risks: nuclear risks,
wars,
unemployment, population changes, political
risks
Regulatory change risk

Mortality and morbidity risk at the societal and
global level (as
in pandemics, social security program
exposure, nationalize
health care systems, etc.)
Political risk
Accounting risk
Longevity risk at the societal
level
Genetic testing and genetic
engineering risk
Investment risk
Research and development risk
Within the class of pure risk exposures, it is common to further explore risks by use of the
dichotomy of personal property versus liability exposure risk.
Personal Loss Exposures—Personal Pure Risk
Because the financial consequences of all risk exposures are ultimately borne by people (as
individuals, stakeholders in corporations, or as taxpayers), it could be said that all exposures are
personal. Some risks, however, have a more direct impact on people’s individual lives. Exposure
to premature death, sickness, disability, unemployment, and dependent old age are examples of
personal loss exposures when considered at the individual/personal level. An organization may
also experience loss from these events when such events affect employees. For example, social
support programs and employer-sponsored health or pension plan costs can be affected by
natural or man-made changes. The categorization is often a matter of perspective. These events
may be catastrophic or accidental.
Property Loss Exposures—Property Pure Risk
Property owners face the possibility of both direct and indirect (consequential) losses. If a car is
damaged in a collision, the direct loss is the cost of repairs. If a firm experiences a fire in the
warehouse, the direct cost is the cost of rebuilding and replacing inventory. Consequential or
indirect losses are nonphysical losses such as loss of business. For example, a firm losing its
clients because of street closure would be a consequential loss. Such losses include the time and
effort required to arrange for repairs, the loss of use of the car or warehouse while repairs are
being made, and the additional cost of replacement facilities or lost productivity. Property loss
exposures are associated with both real property such as buildings and personal property such as
automobiles and the contents of a building. A property is exposed to losses because of accidents
or catastrophes such as floods or hurricanes.
Liability Loss Exposures—Liability Pure Risk
The legal system is designed to mitigate risks and is not intended to create new risks. However, it
has the power of transferring the risk from your shoulders to mine. Under most legal systems, a
party can be held responsible for the financial consequences of causing damage to others. One is
exposed to the possibility ofliability loss (loss caused by a third party who is considered at fault)

by having to defend against a lawsuit when he or she has in some way hurt other people. The
responsible party may become legally obligated to pay for injury to persons or damage to
property. Liability risk may occur because of catastrophic loss exposure or because of accidental
loss exposure. Product liability is an illustrative example: a firm is responsible for compensating
persons injured by supplying a defective product, which causes damage to an individual or
another firm.
Catastrophic Loss Exposure and Fundamental or Systemic Pure Risk
Catastrophic risk is a concentration of strong, positively correlated risk exposures, such as many
homes in the same location. A loss that is catastrophic and includes a large number of exposures
in a single location is considered a nonaccidental risk. All homes in the path will be damaged or
destroyed when a flood occurs. As such the flood impacts a large number of exposures, and as
such, all these exposures are subject to what is called a fundamental risk. Generally these types
of risks are too pervasive to be undertaken by insurers and affect the whole economy as opposed
to accidental risk for an individual. Too many people or properties may be hurt or damaged in
one location at once (and the insurer needs to worry about its own solvency). Hurricanes in
Florida and the southern and eastern shores of the United States, floods in the Midwestern states,
earthquakes in the western states, and terrorism attacks are the types of loss exposures that are
associated with fundamental risk. Fundamental risks are generally systemic and nondiversifiable.
Figure 1.5 A Photo of Galveston Island after Hurricane Ike
Accidental Loss Exposure and Particular Pure Risk
Many pure risks arise due to accidental causes of loss, not due to man-made or intentional ones
(such as making a bad investment). As opposed to fundamental losses, noncatastrophic
accidental losses, such as those caused by fires, are considered particular risks. Often, when the
potential losses are reasonably bounded, a risk-transfer mechanism, such as insurance, can be
used to handle the financial consequences.
In summary, exposures are units that are exposed to possible losses. They can be people,
businesses, properties, and nations that are at risk of experiencing losses. The term “exposures”
is used to include all units subject to some potential loss.
Another possible categorization of exposures is as follows:
-made risks
—it does not create the risks but it may
shift them to your arena
political groups

Pure and speculative risks are not the only way one might dichotomize risks. Another breakdown
is between catastrophic risks, such as flood and hurricanes, as opposed to accidental losses such
as those caused by accidents such as fires. Another differentiation is by systemic or
nondiversifiable risks, as opposed to idiosyncratic or diversifiable risks; this is explained below.
Diversifiable and Nondiversifiable Risks
As noted above, another important dichotomy risk professionals use is between diversifiable and
nondiversifiable risk. Diversifiable risks are those that can have their adverse consequences
mitigated simply by having a well-diversified portfolio of risk exposures. For example, having
some factories located in nonearthquake areas or hotels placed in numerous locations in the
United States diversifies the risk. If one property is damaged, the others are not subject to the
same geographical phenomenon causing the risks. A large number of relatively homogeneous
independent exposure units pooled together in a portfolio can make the average, or per exposure,
unit loss much more predictable, and since these exposure units are independent of each other,
the per-unit consequences of the risk can then be significantly reduced, sometimes to the point of
being ignorable. These will be further explored in a later chapter about the tools to mitigate risks.
Diversification is the core of the modern portfolio theory in finance and in insurance. Risks,
which are idiosyncratic (with particular characteristics that are not shared by all) in nature, are
often viewed as being amenable to having their financial consequences reduced or eliminated by
holding a well-diversified portfolio.
Systemic risks that are shared by all, on the other hand, such as global warming, or movements
of the entire economy such as that precipitated by the credit crisis of fall 2008, are considered
nondiversifiable. Every asset or exposure in the portfolio is affected. The negative effect does not
go away by having more elements in the portfolio. This will be discussed in detail below and in
later chapters. The field of risk management deals with both diversifiable and nondiversifiable
risks. As the events of September 2008 have shown, contrary to some interpretations of financial
theory, the idiosyncratic risks of some banks could not always be diversified away. These risks
have shown they have the ability to come back to bite (and poison) the entire enterprise and
others associated with them.
Table 1.3 "Examples of Risk Exposures by the Diversifiable and Nondiversifiable Categories"
provides examples of risk exposures by the categories of diversifiable and nondiversifiable risk
exposures. Many of them are self-explanatory, but the most important distinction is whether the
risk is unique or idiosyncratic to a firm or not. For example, the reputation of a firm is unique to
the firm. Destroying one’s reputation is not a systemic risk in the economy or the market-place.
On the other hand, market risk, such as devaluation of the dollar is systemic risk for all firms in
the export or import businesses. In Table 1.3 "Examples of Risk Exposures by the Diversifiable
and Non-diversifiable Categories" we provide examples of risks by these categories. The
examples are not complete and the student is invited to add as many examples as desired.
Table 1.3 Examples of Risk Exposures by the Diversifiable and Nondiversifiable Categories

Diversifiable Risk—Idiosyncratic
Risk
Non-diversifiable Risks—Systemic Risk
Reputational risk Market risk
Brand risk Regulatory risk
Credit risk (at the individual
enterprise level)
Environmental risk
Product risk Political risk
Legal risk Inflation and recession risk
Physical damage risk (at the
enterprise level) such as fire, flood,
weather damage
Accounting risk
Liability risk (products liability,
premise liability, employment
practice liability)
Longevity risk at the societal level
Innovational or technical
obsolesce risk
Mortality and morbidity risk at the societal and
global
level (pandemics, social security program
exposure,
nationalize health care systems, etc.)
Operational risk
Strategic risk
Longevity risk at the individual
level
Mortality and morbidity risk at the
individual level
Enterprise Risks
As discussed above, the opportunities in the risks and the fear of losses encompass the holistic
risk or the enterprise risk of an entity. The following is an example of the enterprise risks of life
insurers in a map in Figure 1.6 "Life Insurers’ Enterprise Risks". Since enterprise risk
management is a key current concept today, the enterprise risk map of life insurers is offered
here as an example. Operational risks include public relations risks, environmental risks, and
several others not detailed in the map in Figure 1.4 "Risk Balls". Because operational risks are so
important, they usually include a long list of risks from employment risks to the operations of
hardware and software for information systems.
Figure 1.6 Life Insurers’ Enterprise Risks

Risks in the Limelight
Our great successes in innovation are also at the heart of the greatest risks of our lives. An
ongoing concern is the electronic risk (e-risk) generated by the extensive use of computers,
ecommerce,
and the Internet. These risks are extensive and the exposures are becoming more
defined. The box "The Risks of E-exposures" below illustrates the newness and not-so-newness
in our risks.
The Risks of E-exposures
Electronic risk, or e-risk, comes in many forms. Like any property, computers are vulnerable to
theft and employee damage (accidental or malicious). Certain components are susceptible to
harm from magnetic or electrical disturbance or extremes of temperature and humidity. More
important than replaceable hardware or software is the data they store; theft of proprietary
information costs companies billions of dollars. Most data theft is perpetrated by employees, but
“netspionage”—electronic espionage by rival companies—is on the rise.
Companies that use the Internet commercially—who create and post content or sell services or
merchandise—must follow the laws and regulations that traditional businesses do and are
exposed to the same risks. An online newsletter or e-zine can be sued for libel, defamation,
invasion of privacy, or misappropriation (e.g., reproducing a photograph without permission)

under the same laws that apply to a print newspaper. Web site owners and companies conducting
business over the Internet have three major exposures to protect: intellectual property
(copyrights, patents, trade secrets); security (against viruses and hackers); and business
continuity (in case of system crashes).
All of these losses are covered by insurance, right? Wrong. Some coverage is provided through
commercial property and liability policies, but traditional insurance policies were not designed to
include e-risks. In fact, standard policies specifically exclude digital risks (or provide minimal
coverage). Commercial property policies cover physical damage to tangible assets—and
computer data, software, programs, and networks are generally not counted as tangible property.
(U.S. courts are still debating the issue.)
This coverage gap can be bridged either by buying a rider or supplemental coverage to the
traditional policies or by purchasing special e-risk or e-commerce coverage. E-risk property
policies cover damages to the insured’s computer system or Web site, including lost income
because of a computer crash. An increasing number of insurers are offering e-commerce liability
policies that offer protection in case the insured is sued for spreading a computer virus,
infringing on property or intellectual rights, invading privacy, and so forth.
Cybercrime is just one of the e-risk-related challenges facing today’s risk managers. They are
preparing for it as the world evolves faster around cyberspace, evidenced by record-breaking
online sales during the 2005 Christmas season.
Sources: Harry Croydon, “Making Sense of Cyber-Exposures,” National Underwriter, Property
& Casualty/Risk & Benefits Management Edition, 17 June 2002; Joanne Wojcik, “Insurers Cut
E-Risks from Policies,” Business Insurance, 10 September 2001; Various media resources at the
end of 2005 such asWall Street Journal and local newspapers.
Today, there is no media that is not discussing the risks that brought us to the calamity we are
enduring during our current financial crisis. Thus, as opposed to the megacatastrophes of 2001
and 2005, our concentration is on the failure of risk management in the area of speculative risks
or the opportunity in risks and not as much on the pure risk. A case at point is the little media
coverage of the devastation of Galveston Island from Hurricane Ike during the financial crisis of
September 2008. The following box describes the risks of the first decade of the new
millennium.
Risks in the New Millennium
While man-made and natural disasters are the stamps of this decade, another type of man-made
disaster marks this period. Innovative financial products without appropriate underwriting and
risk management coupled with greed and lack of corporate controls brought us to the credit crisis
of 2007 and 2008 and the deepest recession in a generation. The capital market has become an
important player in the area of risk management with creative new financial instruments, such as
Catastrophe Bonds and securitized instruments. However, the creativity and innovation also

introduced new risky instruments, such as credit default swaps and mortgage-backed securities.
Lack of careful underwriting of mortgages coupled with lack of understanding of the new
creative “insurance” default swaps instruments and the resulting instability of the two largest
remaining bond insurers are at the heart of the current credit crisis.
As such, within only one decade we see the escalation in new risk exposures at an accelerated
rate. This decade can be named “the decade of extreme risks with inadequate risk management.”
The late 1990s saw extreme risks with the stock market bubble without concrete financial theory.
This was followed by the worst terrorist attack in a magnitude not experienced before on U.S.
soil. The corporate corruption at extreme levels in corporations such as Enron just deepened the
sense of extreme risks. The natural disasters of Katrina, Rita, and Wilma added to the extreme
risks and were exacerbated by extraordinary mismanagement. Today, the extreme risks of
mismanaged innovations in the financial markets combined with greed are stretching the field of
risk management to new levels of governmental and private controls.
However, did the myopic concentration on terrorism risk derail the holistic view of risk
management and preparedness? The aftermath of Katrina is a testimonial to the lack of risk
management. The increase of awareness and usage of enterprise risk management (ERM) post–
September 11 failed to encompass the already well-known risks of high-category hurricanes on
the sustainability of New Orleans levies. The newly created holistic Homeland Security agency,
which houses FEMA, not only did not initiate steps to avoid the disaster, it also did not take the
appropriate steps to reduce the suffering of those afflicted once the risk materialized. This
outcome also points to the importance of having a committed stakeholder who is vested in the
outcome and cares to lower and mitigate the risk. Since the insurance industry did not own the
risk of flood, there was a gap in the risk management. The focus on terrorism risk could be
regarded as a contributing factor to the neglect of the natural disasters risk in New Orleans. The
ground was fertile for mishandling the extreme hurricane catastrophes. Therefore, from such a
viewpoint, it can be argued that September 11 derailed our comprehensive national risk
management and contributed indirectly to the worsening of the effects of Hurricane Katrina.
Furthermore, in an era of financial technology and creation of innovative modeling for predicting
the most infrequent catastrophes, the innovation and growth in human capacity is at the root of
the current credit crisis. While the innovation allows firms such as Risk Management Solutions
(RMS) and AIR Worldwide to provide models that predict potential man-made and natural
catastrophes, financial technology also advanced the creation of financial instruments, such as
credit default derivatives and mortgage-backed securities. The creation of the products provided
“black boxes” understood by few and without appropriate risk management. Engineers,
mathematicians, and quantitatively talented people moved from the low-paying jobs in their
respective fields into Wall Street. They used their skills to create models and new products but
lacked the business acumen and the required safety net understanding to ensure product
sustenance. Management of large financial institutions globally enjoyed the new creativity and
endorsed the adoption of the new products without clear understanding of their potential impact
or just because of greed. This lack of risk management is at the heart of the credit crisis of 2008.

No wonder the credit rating organizations are now adding ERM scores to their ratings of
companies.
The following quote is a key to today’s risk management discipline: “Risk management has been
a significant part of the insurance industry…, but in recent times it has developed a wider
currency as an emerging management philosophy across the globe…. The challenge facing the
risk management practitioner of the twenty-first century is not just breaking free of the mantra
that risk management is all about insurance, and if we have insurance, then we have managed our
risks, but rather being accepted as a provider of advice and service to the risk makers and the risk
takers at all levels within the enterprise. It is the risk makers and the risk takers who must be the
owners of risk and accountable for its effective management.”
Exposures to Legal Liability, Exposure to Work-Related Injury, Basic concepts form
probability and Statistics
To be able to survive and sustain, organizations need to ensure continuity of their operations and
preservation of their assets. They are exposed to various risks and therefore in order to sustain
themselves to achieve corporate goal the organization must have a Risk Management Policy. As
a result of social changes, rapid technological advancements and the prevailing political,
economic and legal environment, the organizations are faced with a new threat to their existence
– the one emanating from legal liability under tort, statutory law and contract. The liability
exposure alongwith other areas of loss exposure therefore should form Part of the overall risk
management policy of any organization.
Before we discuss insurance part of it, let’s examine risk management per se from the point of
view of an organization which typically consists of
i) Risk Analysis
ii) Risk Control
iii) Risk Financing
iv) Monitoring and review
Risk Analysis basically involves identification and evaluation of risk. We first identify the areas
of risk exposure e.g. assets, earning capacity, human resource, legal liabilities, etc. and then
correlate them with possible sources of loss/ damage/ injury. What is the probability of
happening of such a loss and its likely severity is then evaluated. Broadly speaking there may be
“high frequency and low severity” and “Low Frequency and high severity” losses. The next step
in the process is Risk Control measures which is aimed at avoiding, eliminating or reducing the
chances of loss producing events. This also involves measures for diminishing the severity of
loss that has occurred.
These can be achieved by technical improvement, procedural changes, TQM approach and loss
prevention measures. Since these involve substantial amount of money, a cost-benefit analysis is
carried out before the actual measures are initiated, though any progressive management would
regard all loss prevention activities as not to be dispersed with. Inspite of the best efforts in
preventing accidents / losses, they do take place and the organizations must have to find ways to

finance them. The possible options are insurance /ART, finance by loan, creation of contingency
fund, losses to be charged to operating costs, etc. We are living in a dynamic world and any
policy / strategy needs to be continuously reviewed and monitored to effect change if so
warranted. Let’s now examine the legal liability and its implication on an organization. Let’s also
examine
the evolution of liability legislation and the prevailing judicial attitude. This is necessary because
the liability insurance has to necessarily move along the path determined by both the liability
legislation and the court decision / judgment. Legal liability may be defined as specific
responsibilities and obligations which can be enforced at law. We are here basically concerned
with civil liability which may arise under (i) Law of Tort (ii) Statutory Law (iii) Law of Contract.
It should be noted that for any civil wrong suits can be filed for damages / injury. It should also
be noted that there is no escape from liability under statutory and contract law provision.
Originally everybody abided by the principle – “you pay for your own losses.” However with the
passage of time the notion of fault got incorporated in civil law, which meant that if you are
responsible for the damages / injures you have to pay the monetary compensation. But this
required the establishment of “fault” in the court law - a difficult task indeed. Therefore, in order
to help the victims and to safeguard his interest, the onus of proof was shifted to the defendant
who has to prove his innocence rather than the victim proving the negligence on the part of
tortfeasor.
The principle that “for every wrong there must be redress in the form of damage” has
now changed to “for every injury there must be redress in the form of damage.” With this
change has come the concept of “strict or absolute liability” which means that mere existence /
operation of an activity constitute the cause triggering liability - the only requirement being a
causal link between the activity and the loss event. With growing awareness about the
environment, preservation of flora & fauna, the assets belonging to society as a whole
(ecosystem)
are being brought in the liability net, the guiding principle being “the polluter pays.”
Retroactive application of these laws has their own implication.
In order to ensure that the victims get the compensation (where the liable party is not in a
position to pay) the concept of “group common fate has been introduced. Several parties are held
jointly responsible in accordance with their ability to pay creating “deep pocket” approach. This
means that persons / parties who have nothing to do with the original event may be fastened with
liability. The net of liable parties is thus widening. Of late there has been trend to award punitive
damage as a deterrent to the perpetrators, apart from soaring compensation payments. Sometimes
the punitive damages exceed the actual damage awarded.
In the light of the above, it should now become very clear that other than Act of God peril, there
is hardly any legally permitted exoneration pleas and hence the extent of liability exposure can
very well be imagined / understood. It will not be out of place here to mention a few relevant
court cases, which are indicative of the shape of things to come in future. In the case of SriRam
Foods & Fertilizer where oleum gas escaped from one of the units resulting in injuries to many,

the Supreme Court held that the liability to compensate is absolute and that Chairman / MD/
Officers heading the plant are personally liable to pay the compensation. In Uphaar Cinema
tragedy the court has held MCD, Delhi Police and DESU (All public agencies) jointly
responsible for the payment of compensation. A leading software Indian Co. has to settle for an
out of court settlement in a sexual harassment case against one of its employees in USA. The
liability exposure arising out of cases like Bhopal Gas Tragedy can be well imagined. At this
stage it will not be out of place to have a look at statutory laws governing civil liability. Apart
from tort they are –
WC Act 1923 (as amended)
• Factories Act 1948
• Consumer Protection Act 1986
• The Environment Protection Act 1986
• National Environment Tribunal Act 1995
• Public Liability Insurance Act 1991
• Law of Contract
Those falling within the purview of WC Act 1923 & PLI Act, 1991, have to necessarily take
Insurance cover as provided in the Act. As for the liability under other statutes and the liability
under tort the companies have to plan for them in their Risk Management Programme.
Let’s now examine the position from the point of view of Insurers. Let’s first start with the
pricing part of it. It is an accepted principle of insurance pricing that there should be proper
matching between the rate of premium and degree of exposure in terms of probability of loss.
Liability claims being long-tail, open-ended, and intangible, pose problem in working out the
premium rate. It is difficult to objectively measure the probability because of lack of adequate
data- base and also because the liability fixed is very subjective based upon the prevailing
judicial attitude. The Risk / premium balance is disturbed because the liability standard as
prevailing in a future date will decide the outcome of the events that has already taken place is
the past and which incidentally was underwritten in the past based on the then prevailing
condition. Besides it is very difficult to quantify objectively the loss on account of pain /
suffering / mental agony, damage to eco-system, environment, etc. Keeping the above factors in
view and the requirements of the market, Indian Insurance Company have many liability
products to offer. However, in order to keep their financial commitments within their limit of
retention, the insurance companies sets out two limits called AOA (Any one accident limit) and
AoY (Any one year limit) in all liability insurance policies. In liability claims, at times, the
insured event do not occur suddenly and accidentally but manifests itself only gradually and
hence it becomes difficult to ascertain whether cover exists from a time –related point of view.
These are called gradual loss event. Therefore the following three concepts typical to liability
insurance need to be understood:

Retroactive date - It is the date when the first policy issued commences and will continue to
be the retroactive date for subsequent policies if renewed without break.
• Policy period. It is the one year policy period as depicted on the face of the policy.
• Period of insurance - It means the period commencing from the retroactive date and
continues, if the policies are renewed without break, till the expiry date in the last policy.
In relation to the claims, to find out whether insurance coverage in a particular case applies or
not, there are three types of policy wordings.
1) Occurrence basis: The damage / injury must occur during policy period. Claim may occur
after expiry also.
2) Claims made basis: the claim is made during the policy period irrespective of when the
negligence occurred.
3) Acts committed basis: The negligent act must occur during the policy period.
The courts, however, have interpreted the wordings in their own way and there are conflicting
judgments specially in USA. In India, the indemnity clause generally provide the cover for
• Claims arising out of accidents, during the period of insurance
• First made during the policy period.
This means that the event must occur during the period of insurance and the policy is
continuously in force without break till the time the claims is reported.
The following liability insurance products are available in Indian market.
• Public liability for industrial and non-industrial risk.
• Product liability
• Professional indemnity for Doctors / Solicitors, etc.
• Employer’s liability
• Directors’ and Officers liability
• Act policy under PLI Act (hazardous goods) 1991.
• Motor, marine hull and aviation policies also cover T.P. liability.
• CAR, EAR, IAR, etc have provision to extend cover to T.P. liability.
Depending upon the specific needs of a client, tailor made policy can also be made. Some of the
private insurance companies have come out with products like commercial general liability
insurance cover.
It should be noted that liability insurance by its very nature has the potential to result is heavy
losses of catastrophic nature. Hence the reinsurance support is required. However, in view of
limited insurance capacity, higher premium, increased deductibles a need is felt about alternative
risk transfer mechanism (ART). This is being attempted by transfer of risk through capital
market instruments e.g. CAT Bonds. Therefore, optimized risk transfer at optimal price may
involve combination of insurance & ART. In this regard a new concept is gaining currency in
European market to avoid complications from liability laws and unpredictable nature of court
judgments. The concept of “First party” cover takes the place of liability insurance specially for
covering environmental liability. Instead of the tort-fearer taking the policy, the would be

aggrieved party takes the “First party” covers. In the event of any damage, instead of locating the
tort fearer, the aggrieved party without going through the court mechanism claims compensation
from the insurance company.
The ever-increasing entitlement - mentality of society, the widening net of liability legislation,
and the trend of court judgments may well have a very negative effect on the economy and more
so on small entrepreneurship. We have to think of innovative ways to come out with solutions,
which takes care of the need of not only big organizations but also SSI’s and SME’s who are the
most vulnerable. The solutions must be cost effective and innovative in nature.

Unit 1 rmi

More Related Content

What's hot (19)

Similar to Unit 1 rmi (20)

Recently uploaded (20)

Unit 1 rmi