Five Primary Risk Management Techniques
Corporate risk management is critical to helping organizations protect themselves from losses and reduce their risk exposure. Solid risk management can help limit financial and reputational damage and may lead to increased access to capital.
There are five primary risk management techniques that almost every business should deploy:
- Avoidance: It is often impossible to avoid all risks, but the possibility should not be overlooked. For example, some businesses may not release vehicles for travel during inclement weather until the weather clears, thus avoiding the risk of auto accidents during severe weather. For other businesses, if there is a known issue with water problems in some areas, the risk may be avoided by not allowing the storage of records or supplies in those areas.
- Retention: At times, based on the likely frequency and severity of the risks presented, retaining the risk or a portion of the risk may be cost-effective, even though other methods of handling the risk are available. For example, businesses can plan to identify and then retain the risk of forecasted losses. When losses occur, the cost may be absorbed by their associated budget, except for those situations involving the negligence of a third party.
- Spreading: The risk of loss to property and persons can be spread. Record and document duplication and the storage of duplicate copies in different locations are examples of spreading risk. A small fire in a single room can destroy the entire records of a department’s operations. Placing people in many buildings instead of a single facility can also help spread the risk of potential loss of life or injury.
- Loss Prevention and Reduction: When risk cannot be avoided, the effect of loss can often be minimized in terms of frequency and severity. For example, risk management encourages the use of security devices on specific equipment to reduce the risk of theft.
- Transfer (through Insurance and Contracts): In some cases, risk can be transferred to others, usually by contract. When outside organizations use or work within your business, ensure they provide evidence of insurance and name your business as additional insured under their policy, thereby transferring the risk of the usage to the facility user. The purchase of insurance is also referred to as a risk transfer since the policy actually shifts the financial risk of loss, contractually, from the insured entity to the insurance company. Insurance should be the last option and should be used only after evaluating all other techniques. Vendors and service providers may also attempt, through a contract, to release themselves from all liability for their actions relating to the contract. These are often referred to as “hold harmless or indemnification” clauses. Due to the complexity of interpreting these provisions, such contracts should be reviewed to identify and assess risks, evaluate insurance standards, and review and hold harmless any indemnification provisions.
If you have questions about risk management or want more information about implementing these techniques, please contact Epiq Risk Management.