Principles of Risk Management

This article focuses on the principles of risk management and the current day application of them. The first step is to identify risks; potential and realistic ones. The next step is to prevent or manage the risks. Three common risks are information technology, weather and business ethics. Information technology risks relate specifically to online data theft issues, identity theft and computer viruses. Weather concerns involve all forms of precipitation that can affect businesses like, too much rain, too little rain and not enough snow. This is very impactful to the agricultural, vacation/resort and restaurant business market. All businesses would be adversely impacted due to catastrophic weather that could destroy large geographical areas like Hurricane Katrina did (Louisiana, Mississippi and Alabama). Company leadership entails business ethics and the problems that arise due to the lack of them in the workplace. The banking industry is an example of an industry that is greatly impacted by the risks mentioned in this article because of the great financial impact brought on by the use of technology and the unpredictability of weather. Due to these reasons, it is quite obvious of the need to assess risk in all business industries.

Keywords Banking Industry; Business Ethics; Company Leaders; Cyber-risk Management Insurance; D&O Liability Insurance; Ethics; Hurricane Katrina; Information Technology; Internet; Principles of Risk Management; Rain Hedges; Risk Management; Temperature Risks; Weather; Weather Derivatives

Overview

Principles of risk management are needed even more today than ever before. In the past, many organizations either ignored the risks altogether or simply lived through the unfortunate consequences caused by them. In many cases, these organizations didn't have anyone dedicated to look at or out for potential risks that could adversely impact the company. It was, for lack of a better word, an afterthought. This apathetic way of conducting business, in turn, has caused many companies to go bankrupt and some to permanently close their business doors. Therefore, a closer look at the topic of risk management is essential.

Two Types of Risk

The process of identifying risk entails examining the likelihood of two types of risk: Potential risk and realistic risk. Regardless of the industry impacted, such an assessment is needed to not only identify risks, but to address them.

  • Potential Risks — these types of risks may or may not occur, but a plan must be put in place to stop or reduce the impact. Examples are: Stock market crashes, unusually high-levels of precipitation in a typically dry area, employees leaving the department or company and poor executive level decisions. These risks can come from internal and external forces as shown by the above mentioned examples.
  • Realistic Risks — these risks are based on known threats. Typically these threats are common for a specific industry or all industries. Examples are: loss of profits, legislative decisions, overseas regulations, information theft and computer viruses. Many times these risks come from external forces and can, as a result, cause quite a challenge to manage.

Prevention & Management of Risk

Now that the risk has been identified, steps must be taken to prevent or manage the risk. There are four main categories to consider. They are elimination, limitation, acceptance and transfer.

  • Elimination — This technique involves avoiding any and all activity that could create a risk. Therefore, a company may choose not to sell products and services in a certain geographical location due to historically inclimate weather. Another example would be a company choosing not to use the Internet as a means of selling their products and services due to concerns of information theft. The decision to eliminate an activity is one that comes with a great deal of consideration. Loss of profits and market capitalization could result from such a decision.
  • Limitation — This method entails the reduction of an actual exposure to a risk. A company or entity decides to limit the likelihood of suffering severe losses by taking precautionary steps to reduce risks. One example would be a company that chooses to sell a limited amount of products online to limit its exposure. Those products would most likely be high selling items and ones most commonly sold online. Another example is remote office locations put in place to reduce the impact of catastrophic losses of offices in areas where the weather could become volatile. Office daycares instituted to offset employee absenteeism due to childcare issues could impact work productivity and could prove helpful. Also, work safety programs implemented to educate employees on how to properly operate equipment to reduce employee injuries and/or deaths would be beneficial.
  • Acceptance — This method involves accepting certain losses incurred. In particular, risks that can't be insured against and are not worth it in the long run because the expense to insure it will not cover the overall exposure. Common examples are damages caused by War. In most cases, these damages are not covered by insurance and as a result must be accepted as a loss by businesses. Another example is a national catastrophe like a tsunami. Events like these could potentially bring about a total loss.
  • Transfer — This is the process of transferring a risk to another party. One common way of doing this is by obtaining insurance coverage. When contractors are utilized, a contract is established to assign the contractor the appropriate risk responsibility. Consultants are also utilized by some organizations to better manage risk due to the expertise they bring for their respective industry. Attorneys help companies to stay compliant and in proper legal standing. Over the past decade, many industries have incorporated the use of derivatives to hedge potential losses, protect themselves and manage the risk.

Common Risks Companies Face

Some areas that commonly create risk are:

• Weather

  • Legislation
  • Economic
  • Company Employees
  • Technology
  • The weather is a risk in itself due to the potential damage it can cause. The main problem that comes from this risk is a company's inability to do anything about the potential damage. Even if they see something coming, time may not be on their side to properly address it.
  • Legislation can be introduced at any time, which could adversely impact a business' practices, productivity and profitability. What was once a normal practice or way of doing business may have to be completely revamped, which could be extremely costly.

• The economy is always a tumultuous factor for businesses. If consumers are unemployed or are dealing with other financial constraints, this will greatly impact their buying power. It can also make the market share even more competitive for businesses.

  • People resources are always unpredictable and that in itself is a huge risk for companies. Hiring, training and retaining quality employees is a challenge for companies and causes the biggest expense. An employee's lack of productivity or unexpectant departure can greatly impact project work and plans for implementing new products and services.
  • Technology is both exciting and risky. The use of new technology can be very expensive and if it doesn't work properly it can take an organization down. This could cause loss of profitability and consumer retention. Yet, if an organization doesn't keep up with new technology it could be left behind and become uncompetitive.

Applications

There are several types of risks an organization faces today. This article will discuss a few of them. These risks involve information technology, weather and business ethics.

Information Technology

Technological advances have improved and made life more enriching for everyone who has taken advantage of them. In particular, the information highway, also known as the Internet, has been a huge contributor to such improvements. The conveniences that a click and a few keystrokes make are priceless to many consumers each day. The Internet is used to conduct research, make purchases, communicate with friends and family across the world, find directions, store data and countless other processes.

Information Theft

Along with access to endless quantities of information comes the risk of such information falling into the wrong hands. This information includes addresses, phone numbers, bank accounts, credit card account numbers and business data. Computer hackers have repeatedly been able to infiltrate confidential data from consumers and businesses. As a result, there have been frequent reports of computer viruses that have crippled companies and in some cases put them out of business. Business transactions conducted on the Internet can be quite profitable and convenient, but at times also very dangerous. That's why information theft has come to the forefront of what concerns corporate executives and consumers as a whole today. It can take months, if not years to clear up this type of information theft problem. Credit reporting information may take even longer to restore.

Cyber-risk Insurance Policies

Though there are issues, businesses have found a saving grace because now they have an option to purchase cyber-risk insurance policies. These policies provide coverage for companies that have experienced breaches in information security on the Internet. This type of insurance provides some relief for businesses, which they haven't had before. Some things cyber-risk insurance protects against are theft of trade secrets, destruction of hardware, software, data and extortion of hackers. Some third-party risks that are covered are computer viruses inadvertently forwarded internally, failure to provide products because a hacker or virus stopped the insured's delivery system, unauthorized contents placed on the company Website and the theft of credit card records. A business seeking this type of insurance coverage can obtain multi-million dollar coverage, which offers a great deal of relief to an ongoing problem (Gordon, Loeb & Sohail, 2003).

Weather

It is estimated that four-fifths of all economic activity worldwide is directly or indirectly affected by weather. Also, the US Department of Commerce says that at least $1 trn of the US economy is weather-dependent. With this type of monumental impact, it is no wonder why businesses should factor in this topic when discussing risk management. Virtually every industry is impacted by the weather. If a major storm (hurricane, tornado or thunderstorm) were to occur the destruction of crops would adversely impact food service, restaurant and grocery store industries, to name a few. This could bankrupt a business, especially the smaller mom and pop businesses. Severe damage could occur if a major earthquake occurred in California destroying homes, roadways, and businesses. Cities in this state could be virtually shutdown. It is very apparent, directly or indirectly, that most industries have the potential to be impacted and must do something to protect themselves (Triana, 2006).

Weather Derivatives

Due to the impending dangers that weather related risks could cause, many companies have adopted the use of weather derivatives. These financial instruments can be customized to determine the amount of risk a company may be exposed to when it comes to weather. Electricity and power firms were the pioneers of using these derivatives to hedge their risks and they are still the leaders of using these tools. With this type of protection, a business dependent on snow (like a ski resort) would be protected if there were a very limited supply during the ski season. This would also be the case for various food service industries if crops did not get enough rain. Companies utilizing these tools would receive compensation due to covered losses. The two most commonly used weather derivatives are temperature risks and rain hedges. The examples stated above would use these two types of weather derivatives (Fischer-Rief & Ward, 2003).

Business Ethics

The onslaught of lawsuits against company leaders has been alarming. Something that used to be unheard of has become fairly common. Companies like WorldCom, Enron and Arthur Andersen gained popularity in recent years not due to profitability, but because of falsified accounting reports. One by one, companies were the topic of discussion by the media for this very reason. In particular, what came to light and became the focus were company leaders and their unethical and illegal practices. They abused their authority and stockholders and employees paid the price. This issue has fueled the discussion on ethics and the risks involved when they are not in operation. It has been proven with the above companies that extremely harmful and sometimes irreparable damages may result.

Developing a Code of Ethics

It is critical for a company to develop and enforce a code of ethics. The following should be done as a way to create such a code of ethics:

  • Educational materials should be created to provide structured ethical training in all levels in the business
  • Documentation and evaluation of risk management using an ethical performance framework
  • Inclusion of ethical codes of practice in organizational handbooks
  • Inclusion of self-assessment on ethics in appraisals
  • Appointment of ethics officers.

These efforts would show from the top down that good ethical behavior is required and taken seriously. The next course of action would be to address improper behavior immediately. This may mean additional training, job demotion or termination for the employee. If immediate action isn't taken, other employees will not take the ethics code seriously. It is because of disparities in the above practices that company leaders had the impression they could do anything without repercussions. Such an attitude creates great risk (Robertson, 2005).

Since company leaders have been under fire in the scandals mentioned above, it would benefit businesses to consider getting directors and officers (D&O) liability insurance. This insurance and variations of it provide protection for the directors and officers' individual assets, defense costs and payouts. Relief and closure are two main benefits that would derive from this coverage. With the influx of record-breaking settlements, this insurance is critical. It could be the difference of staying in or going out of business. Although it provides definite benefits, company leaders should not allow this insurance coverage to cloud their view of doing what is ethically right. The best defense of risk management is to not put the company leader and company at risk (Ferrillo, 2005).

Issues

Information Technology

As stated above, Internet use poses a serious risk to companies. Since the availability of the Internet is so vast, it can be very difficult to catch culprits in wrongful acts. The Internet can be used at home, on the job (usually), in the public library, at school and at a friend's house. Therefore, it would be difficult to determine who performed the illegal activity. Add to the mix the variety of wireless technology available today, and it is clear why the issue is so complex. Some individuals have multiple aliases and are quite capable of getting around firewalls to cause damage to individuals' and companies' data. The more safeguards that are created and put in place to protect potential victims, the more innovative criminals become to counter them. This will continue to be a problem for years to come since the Internet is so heavily used today. Some businesses are strictly run on the Internet and some businesses have achieved greater profit levels because of the availability of the Internet. The need for this tool would make one think that the world has never been without it.

Weather

As discussed above, weather derivatives have benefited businesses. They have allowed those businesses to continue to function and operate inspite of losses due to weather. Without these tools, it would be virtually impossible for some businesses to succeed. However, the unpredictability of the weather will challenge the validity of the weather derivative results. The weather derivatives cannot supersede Mother Nature's will. Meteorologists have access to some of the most up to date technology to make weather predictions for the world. Making predictions a week or two in advance has become the standard. Meteorologists also report on weather trends and provide historical data regarding record-breaking temperatures and symbolic weather events of the past. With all of this information at their fingertips, it would appear that they have everything they need to get it right, but this is not the case. Unfortunately, earthquakes, hurricanes, tsunamis, snow and ice storms suddenly appear, change directions and escalate without warning or notice. It's a part of life that no one can truly prepare for no matter how much information is available. Due to this reason, the weather will always be a factor for both the consumers and the businesses alike.

Business Ethics

Companies and company leaders have options to offset the risk associated with their business. Developing and implementing a code of ethics program is great, but if the board of directors and senior leadership don't buy-in from the beginning, the code of ethics will not work as intended. Accountability is key regardless of a person's position in the company. D&O liability insurance is a great asset to company leaders and companies, but since there have been so many companies charged with securities lawsuits the courts have been awarding hundreds of millions of dollars to the financial detriment of businesses. Can insurance companies afford to pay untraditionally high payouts? How much premium will need to be paid to ensure proper coverage? Can businesses afford it? Tough questions for tough times as companies consider their risks.

Viewpoints

Banking Industry

The banking industry as a whole has been greatly impacted by various risks. Some of those risks come from the economy, environment and technology. Arguably, this industry is one of the riskiest ones to be in due to the great potential for turbulent results. Taking a deeper look at two of the risks mentioned in this article will explain why this is the case.

Information Technology & the Banking Industry

Online banking is very popular today. People enjoy the convenience of taking care of their financial affairs online. Benefits include the elimination of postage costs, reduced gas consumption and time savings. Other benefits include online bank statements that can be reviewed or printed at any time as well as an online bank ledger that takes away the need for keeping paper records. These banks also allow the account holder to review scanned images of handwritten checks to verify account transactions. All of these perks seem like a win win situation for consumers until such convenience is violated by information theft. Personal financial exposure is an obvious impact, but the potential loss of business due to this problem could prove even more damaging. This risk comes from taking advantage of growth opportunities through the Internet which could prove to be very profitable or expensive. The banking industry or individual banks considering the growth opportunities provided by the Internet must determine if the benefits outweigh the risks.

Weather & the Banking Industry

The banking industry can be severely effected by natural disasters. Hurricane Katrina is a prime example. Banks financed many of the homes that were destroyed due to the hurricane. As a result, those banks had to deal with loan defaults from those impacted states (Louisiana, Mississippi and Alabama) as many home sites were abandoned and the owners relocated. The average homes in those states were valued between $85,000 and $125,000. Had a disaster on the same scale happened in a more expensive area of the nation, such as California where the median home value was $500,000, losses could have been devastating for the banking industry (Esola, 2007).

Unlike the insurance industry, banks haven't had a plan in place to address these risks in the past. As stated above, some businesses don't have a plan and don't appear to be developing one any time soon to deal with or alleviate risks. Banks should consider following the lead of insurance companies. The insurance industry has exclusions and limitations to protect themselves. Instead, banks have made inaccurate assumptions by relying on emergency state and federal programs that have limits on how much they will pay. There will be even greater limitations when catastrophic damages occur like Hurricane Katrina due to the large number of payouts. The business industries can't take this lightly. The potential impact is too great too bear alone. The banking industry must begin to follow the principles of risk management to reduce their exposure (Esola, 2007).

Conclusion

The process of evaluating the principles of risk management is essential to a company's success. As shown throughout the article, success in risk management could be the difference of simply going through the motions and being proactive. The need is there and due to the risks that companies are facing today, risk management must be taken seriously. There are a variety of risks that affect the various business industries. Three main risks are information technology, weather and company leaders. Each poses its own serious threat. Fortunately, there are methods to overcome or counter them. The first step is to identify risks, both the known and the potential. Once this has been done, prevention or management should be implemented. The key to effective risk management is doing something about it. It's very important to seek solutions and adjust accordingly. It is equally important to evaluate the effectiveness of those solutions and make changes when needed. The solutions available today are vast. As more data is collected, trended and evaluated, the continued effort of developing innovative risk management solutions will create the most effective means of diminishing risk and eliminating it altogether when feasible. Ultimately, this is the goal for every organization.

Terms & Concepts

Banking Industry: Traditional banks that provide residential (home) loans to consumers.

Business Ethics: Company code or standard that governs one's behavior on the job. Usually communicated and demonstrated for employees through training, company manuals and company leadership.

Company Leaders: Senior leadership, directors, and officers of a company with the power to make decisions that have a major and direct impact on the success or failure of the company.

Cyber-risk Management Insurance: Internet based insurance coverage that protects companies from theft of trade secrets, destructions of hardware, software, data and extortion of hackers. Third-party coverage protects against forwarded computer viruses, loss of productivity due to hacker violations, unauthorized data on websites and theft of credit card records.

D&O Liability Insurance: Liability insurance that provides coverage for directors and officers of a company. It provides protection for directors' and officers' individual assets, defense costs and settlement payouts.

Internet: Also known as the "information highway." This tool houses a seemingly unlimited amount of information (online banking, email, map directions, news, etc).

Principles of Risk Management: Three key steps to identify a potential problem, options to correct problems and consequences of action or inaction. Important exercise for all businesses to go through in order to determine risks and to take the necessary steps to resolve them.

Rain Hedges: Type of weather derivative that compensates businesses from loss due to rain shortage and/or increases.

Risk Management: Taking the necessary steps to diminish or eliminate a known or potential issue that could cause undue financial harm to a business.

Temperature Risks: Type of weather derivative that compensates businesses from loss due to weather related issues like a shortage of snow or prolonged cold temperatures in a normally warm climate, etc.

Weather: All types of precipitation from the minimal impact (rain, snow, winds, etc) to the extreme impact (tornadoes, hurricanes, tsunamis, earthquakes, etc).

Weather Derivatives: Financial instrument that can be customized to the company's needs to determine weather related risks.

Bibliography

Courbage, C., & Mahul, O. (2013). Promoting better understanding on sustainable disaster risk management strategies. Geneva Papers on Risk & Insurance - Issues & Practice, 38, 401-405.Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=88899037&site=ehost-live

Esola, L. (2007). Banking industry faces huge risk in major disasters, insurers tell ABA. Business Insurance, 41, 4-20. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24101617&site=ehost-live

Esola, L. (2007). Data protection, pandemic planning among top backer concerns at ABA conference. Business Insurance, 41, 20. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24101634&site=ehost-live

Ferrillo, P. A. (2005). D&O liability insurance trends 2005. Corporate Board, 26, Retrieved June 17, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=16916025&site=ehost-live

Finstam, R. M. (2005). Risk management affects us all. British Journal of Administrative Management, 45, 4-6. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=15821156&site=ehost-live

Fischer-Rief, V. (2003). Weatherproof. Euromoney, 34, 10. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=11255273&site=ehost-live

Gordon, L. A, Loeb, M. P. & Sohail, T. (2003). A framework for using insurance for cyber-risk management. Communications of the ACM, 46, 81-85. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=12493505&site=ehost-live

Halperin, A. (2007, January 29). Shielding business from wild weather. Business Week Online, 19. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=23854471&site=ehost-live

Heffernan, R. (2012). Managing Mother Nature. Banking New York, 218-26. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=73027688&site=ehost-live

Heineman, B. W. (2007). Avoiding integrity land mines. Harvard Business Review, 85, 100-108. Retrieved June 17, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24267439&site=ehost-live

Krivkovich, A., & Levy, C. (2013). Managing the people side of risk. Mckinsey Quarterly, , 123-128. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=91665820&site=ehost-live

Lustgarten, A. (2004). Banking on the weather. Fortune, 149, 88. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=13185369&site=ehost-live

Musshoff, O., Odening, M., & Wei, X. (2011). Management of climate risks in agriculture-will weather derivatives permeate?. Applied Economics, 43, 1067-1077. Retrieved November 15, 2013, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=60040835&site=ehost-live

Robertson, I. (2005, August). In my opinion. Management Today, 6. Retrieved June 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=18298054&site=ehost-live

Triana, P. (2006). Are you covered? European Business Forum, 26, 50-55. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=23532583&site=ehost-live

York, J. (2005). Prepare for the worst. Fleet Owner, 100, 32. Retrieved May18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=18603709&site=ehost-live

Suggested Reading

Childers, D. & Marks, N. (2005). Ethics as a strategy. Internal Auditor, 62, 34-38. Retrieved June 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=18520883&site=ehost-live

Kuver, P. P. (1999). Managing risk in information systems. Year 2000 Practitioner, 2, 1. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=2215651&site=ehost-live

Nelson, R (1999). Risk management and insurance. In Shopping center management (pp. 193-204). New York, NY: International Council of Shopping Centers. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=24017020&site=ehost-live

Risk management & insurance. (2004). Meeting News, 82-86. Retrieved May 23, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=14113697&site=ehost-live

Active hurricane season brings danger. (2005). Safety Compliance Letter, 2457, 11-12. Retrieved May 18, 2007, from EBSCO Online Database Business Source Complete. http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=18379632&site=ehost-live

Essay by Sheryl D. McClinton

Sheryl D. McClinton holds an MA in Management with concentrations in General Management and Conflict Resolution Management from Dallas Baptist University. She is a business professional with extensive knowledge and experience in leadership and business concepts.