The process of managing risk

Before we discuss the process of managing risk, let us first discuss the classic risk management model as illustrated in Figure 1 below.

 In terms of this model, risk management consists of two components, namely:

1. Risk control, and
2. Risk financing. 

Firstly, an attempt is made to control risk and secondly, losses that result from the exposure to pure risks have to be financed.  It is not possible to prevent all losses – and sometimes not even cost effective to control all risks.  Therefore, adequate and appropriate funding is necessary to pay for these losses.  

In terms of risk control, different disciplines have been developed over the years to manage specific risk exposures:

• Safety being developed for the control of accidental loss such as injuries, occupational diseases, damage to property, etc.
• Quality assurance management to control the risk of producing a substandard quality product or rendering of a substandard quality service.
• Maintenance systems to control the risk of premature failure of equipment, extending life expectancy of equipment, etc.
• Human resources departments for the control of the risk of employing incompetent personnel, etc.  

Risk financing is vital to ensure that adequate and appropriate funds are available to pay for losses.  The funds can be from the company’s own sources or from outside sources such as insurance.  

The model is sometimes used to structure the risk management department in an organisation, however, the model does not reflect the process of managing risk; no reference, for example, is made to risk assessment.

Risk has two dimensions, namely:

1. Consequence or “how bad will the outcome be if”.
2. Likelihood or “how likely is it to happen?”

”It should be clear that total safety is impossible (and uneconomically) and that zero risk is unachievable.  There are some potential hazards, although they are truly horrendous, that are so unlikely to occur that we have to live with that possibility.  In other words, the risk is tolerated.

On the other hand, there are some smaller consequence events that occur frequently that are controlled because they reduce the quality of our lives and the profitability of our businesses.  When thinking in this way, a “paradigm shift” can occur – our view of reality changes.

Once we start to think in terms of risk, we automatically start to rank and prioritise.  This is another great virtue of risk assessment.  It allows us to plan and programme our investments, enabling us to become proactive, to break the cycle of reaction, to control and manage our risks.

The process of managing risk can be illustrated as follows:

A process of managing risk needs to be in place – a process that would constantly review and update information on risk and review and improve control measures as appropriate.  Let us look at each of the 7 steps in the process.

In order to manage risk, the first step is to identify hazards.  In the workplace hazards can manifest themselves in the form of people, equipment, materials, substances, physical conditions, chemicals, plant, machinery, tools, activities etc.  Hazards are those things that have the potential to result in injury, harm, damage, or illness due to contact with a person, equipment or the physical environment.  Hazards may not always be visible hence present themselves as hidden risks e.g. super heated steam, electricity etc.

Once the hazards have been identified, the level of risk and the threat that it poses to the organisation has to be analysed and determined.  At this stage the adequacy of present safeguards must also be considered.

With the extent of the risk known, a decision must be taken whether with the existing safeguards, the risk is acceptable or whether something needs to be done about it.  Should the level of risk be found to be acceptable, it could be tolerated but measuring and monitoring is required to detect any change in the level of risk.

This is part of the risk management process where the strategy for dealing with specific risks is formed.  Any of the techniques of risk control or risk financing may be selected here; as a general guideline, however, it is wise to combine at least one control measure with at least one financing technique for each risk faced.   

• Terminate: This is strictly a risk control technique, and this approach is a synonym for risk avoidance. It should be thought of as including both the refusal to expose the organisation to a risk in the first place and the complete elimination of a risk that is already present in the operation.  This is the only risk management technique designed to be used without any others.  

• Transfer: Perhaps the most common risk transfer is to finance losses through insurance, but many types of contractual transfers are also common. Risk control plays an important part here too since transfers are not foolproof and almost always leave some chance that the “transferrer” may suffer a loss.
• Treat: Also related to risk control, “treating” the risk includes the techniques known as risk control, or loss prevention, and reduction. Note that when these techniques are applied, the risk still exists, the tools are designed to stop or reduce losses only. 

With work identified and standards set, the required control measures are implemented.

It is often found that control measures are implemented and never reviewed unless something drastic, for e.g. a major incident occurs.  

Therefore, in order to ensure that the control measures are indeed as effective as was intended, they need to be monitored and measured. This measurement can be in the form of regular measurement by sampling, or by comprehensive measurements, such as auditing, on a periodic basis.

Following the measurement or audit, the results need to be analysed in order to understand what the measurement revealed.  

The measurement evaluation may reveal that:

• Firstly, everything is on target and therefore one would want to commend somebody for good performance.
• Secondly, it may reveal a deviation from the set standards, in which case one has to apply constructive correction.
• Thirdly, the measurement may reveal that the control measures are ineffective or that the standards or work to be done are inadequate to control the hazard adequately or possibly even that not all hazards have been identified, in which case the process starts again at hazard identification. When these techniques are applied, the risk still exists, the tools are designed to stop or reduce losses only.

Every member of management will ensure that:

1. Each employee has received the proper job induction prior to the start of his/her work activity. 

2. Each employee has had a complete induction on all rules prior to beginning his/her job and that he/she knows and understands them. He/she will also make sure that a complete annual review of all rules is performed and take such action to ensure that they are enforced.  

3. An approved standard task procedure has been developed for each critical task under his/her responsibility and that it has been issued to and thoroughly reviewed with each employee involved. He/she will update these procedures and review them with employees where required but not less than annually.  

4. Any unsafe practice or condition reported to him/her by an employee is promptly placed in the condition report system and followed up promptly. He/she will conduct and record the results of his/her inspection of the entire area under his/her responsibility not less than once every two months and make sure that all critical parts in his/her area are inspected as required.  

5. Each employee receives proper task instruction (PTI) with every new or different task assigned and that loss control tips are given frequently during routine contacts on a day-to-day basis.  

6. The skill training programme required for operators of machinery and equipment is properly given and recorded.  

7. All employees are fitted for and issued with required protective equipment and that it is properly recorded. He/she will ensure that 100% compliance is maintained.  

8. Each employee attends a weekly group risk control meeting.  

9. Every incident resulting in physical harm or property damage is immediately investigated and reported on the supervisor’s report form.  

10. He/she maintains an accurate knowledge of the degree of compliance he/she is maintaining with required minimum standards. He/she will be prepared to discuss his/her performance with upper management at all times.

The table below represent areas and categories of potential loss.

The table below represent the types of risks related to people.

The table below represent the types of losses related to material.

The table below represent the types of losses related to process.

The table below represent the types of losses related to finance.