This article will focus on risk management. It will explore the history, benefits, and costs of risk management. Risk management's relationship to insurance will be discussed. In addition, the article will describe the main corporate risk management and risk mitigation strategies and approaches including enterprise risk management (ERM), alternative risk transfers (ART), and risk differentiation. The issues surrounding corporate management of geopolitical risk will be addressed.
Keywords: Enterprise Risk Management (ERM); Geopolitical Risk; Insurance; Risk Differentiation; Risk Management; Risk Mitigation; Alternative Risk Transfers (ART)
Organizations face risks from strategic, market, credit, operational, and financial exposure as well as man-made and natural disasters (Banham, 2004). Organizations identify and mitigate these risks through active risk management. Risk management, which refers to the process of evaluating, classifying, and reducing risks to a level acceptable by stakeholders, is common practice in both the public and private sectors. Risk evaluation, classification, and management are undertaken for large and small projects and organizational decisions. Identifying and mitigating risk is the primary role of risk managers (Klinke & Renn, 2002). The potential benefits of risk management practices include the reduction of anticipated deadweight bankruptcy costs, minimization of tax payments, and protection of optimal investment programs. The potential costs of risk management practices include transaction costs and exacerbating corporate conflicts (Tufano, 1993).
Adopting Risk Management Historically
Corporations adopt risk management strategies for the potential performance benefits as well as to satisfy increasingly stringent government regulations. In particular, the Sarbanes-Oxley Act, passed in 2002 in response to corporate auditing scandals, requires that corporations engage in risk assessment and risk auditing to monitor financial reporting and auditing processes. Section 404 of the Sarbanes-Oxley Act, which focuses on management's assessment of internal control over financial reporting, instructs corporations to conduct a top-down risk assessment to evaluate the corporation's internal controls systems (Banham, 2004). Risk management has become a ubiquitous corporate practice.
Risk management is an outgrowth of insurance management. While corporate insurance dates back to 1878 when railroad interests began the practice of offering insurance to offset the inherent risk of railroad work, the practice of risk management did not emerge until the 1960s. The first corporation to explicitly implement risk management practices was the Canadian firm Massey-Ferguson. In 1966, Massey-Ferguson hired a risk manager and developed an explicit policy statement on risk management practices. The adoption of risk management practices was slowed by the lack of professionals trained in risk management strategies.
While risk management was practiced in the 1960s and 1970s by public and private organizations, corporate risk management was not widely adopted until the 1980s. The 1980s were characterized by increasing government regulations, a growing economy, and insurance crisis. The federal government passed laws, such as the Occupational Safety and Health Act, the Environmental Protection Act, and Superfund legislation, which required corporate compliance. Corporations created new positions, such as risk manager, to address liability, safety, and environmental compliance issues. In addition, the business-boom of the mid 1980s, characterized by an increase in production plants, business locations, operations and workers, required new types and larger amounts of insurance. Companies demanded more insurance options and coverage from their insurers and insurance companies balked at the demands. Companies struggled both with financing their increasing insurance needs and finding insurance policies that met the needs of their expanding businesses. Corporations increasingly hired risk managers to assess their risks and select the best insurance options for their expanding businesses.
Thus, as a result of increased government regulation and expanding businesses, the position of risk manager became common in large corporations in the 1980s and largely replaced the positions of insurance clerk, insurance buyer, and insurance manager. Risk manager, as a distinct occupation, functioned as in-house insurance expertise. Prior to in-house risk management, corporations relied on their insurance company's broker to inform the corporation of potential corporate risk and potential insurance options. The creation of risk management divisions reduced potential conflicts of interest in the insurance industry by separating insurance purchasing decisions from insurance commissions. Risk managers tend to have strong relationships with insurance brokers and are responsible for negotiating broker commissions and fees. Corporations that do not wish to hire their own in-house risk managers have the option of hiring risk management consultants. These outside advisers can be hired for discreet projects or periods of time and are generally less expensive than a full-time employee with benefits (Englehart, 1994).
Today, risk management is an established profession supported by professional organizations and numerous higher education programs. For example, the American Risk and Insurance Association (ARIA), founded in 1932, supports the career development of risk management and insurance professionals. The association’s goals also include “the expansion and improvement of academic instruction to students of risk management and insurance” (Hoyt, 2006). The association supports the Risk Theory Society, founded in 1963, to foster research of topics in risk theory and risk management. Risk management career opportunities are being expanded and strengthened by the large number of colleges and universities offering risk management majors and programs of study. For example, top business schools such the University of Pennsylvania's Wharton School of Management and MIT's Sloan School of Management, offer course options in risk management (Rose, 2000).
The following section describes the main risk management strategies and approaches, including enterprise risk management (ERM), alternative risk transfers (ART), and differentiating corporate risks, used in corporations. This section will serve as a foundation for later discussion of the issues surrounding the management of geopolitical risk.
Risk Management Strategies
A corporate risk management strategy is generally a corporate-wide approach to business practice. The main methods and elements of risk management strategy operate to integrate the risk management approach into all levels of operation and the corporate culture itself. There are six main strategies or principles that characterize corporate risk management (Jorgensen, 2005):
- Develop intimate company knowledge: Risk managers require intimate knowledge of corporate operations, goals, and missions to successfully evaluate risk exposures relating to all areas of the company.
- Align risk management vision with that of the company: Risk managers are responsible for creating an integrated risk management strategy that reflects and furthers the goals and values of the company.
- Identify and analyze the company's areas of risk: Risk managers develop successful risk management strategies by analyzing and planning for potential losses vertically and horizontally across an organization.
- Balance financials and objectives: Risk managers are responsible determining how much time, effort, and money is required to achieve a given objective. Risk managers use a balanced scorecard methodology (BSC), a management tool that translates the strategy into operational terms, to connect internal and external processes with corporate cultural and financial objectives.
- Close the gaps with strategic initiatives: Risk managers should identify the gaps between where the company is in relation to their goals and objectives and their final goals and objectives. Risk managers, along with corporate management, are responsible for finding strategies to close any existing gaps in corporate performance and achievement.
- Continual measurement and improvement after implementation: Risk managers are responsible for creating a risk management system as well as evaluating and improving its performance. Risk managers use Data capture and reporting to measure the effectiveness of risk management initiatives (Jorgensen, 2005).
Risk analysis is one of the first and most important steps in the risk management process. Risk analysis involves risk evaluation and classification. Risk classification is performed in an effort to create or select effective, efficient, and feasible strategies for...
(The entire section is 3978 words.)