Каталог :: Экономика

Реферат: Risk Control

     CHAPTER 8
Risk Control
     Learning Objectives
After you have completed this chapter, you should be able to:
1. Distinguish between risk control and risk financing methods.
2. Explain the relationship between risk control and risk assessment.
3. Identify the positive and negative attributes of risk avoidance.
4. Distinguish between loss prevention and loss reduction activities.
5. Understand the benefits and costs of loss prevention and loss reduction.
6. Explain the purpose of the Occupational Safety and Health Administration
7. Identify examples of governmental involvement in risk control.
Risk control methods seek to alter an organization's exposure to risk. More
specifically, risk control efforts help an organization avoid a risk, 
prevent loss, lessen the amount of damage if a loss occurs, or 
reduce undesirable effects of risk on an organization. The application of
techniques to achieve these ends may range from simple and low-cost to complex
and costly. Risk control methods are exemplified by security systems to prevent
unauthorized entry or access to data; by sprinklers and other fire control
systems; by training programs to edu­cate employees on techniques to reduce the
likelihood of injury; by the devel­opment and enforcement of codes regulating
construction, with the purpose of decreasing the vulnerability of structures to
forces of nature; and so on.
In concept, risk control is an intermediate point between risk assessment and
risk financing. Risk control efforts are prompted by an awareness and
recognition of an exposure to risk. In turn, risk control efforts determine
the ex­tent to which undesirable effects of the risk are manifested within
the organiza­tion. Ultimately, these undesirable effects translate into
financial results. This sequential description implies that risk control is
linked to risk assessment and to risk financing in important ways. These
linkages become key points in un­derstanding the thought process of a risk
Effective risk control reduces an organization's exposure to risk. More
formally, risk control includes techniques, tools, strategies and processes
that seek to avoid, pre­vent, reduce, or otherwise control the frequency
and/or magnitude of loss and other un­desirable effects of risk; risk control
also includes methods that seek to improve under­standing or awareness within
an organization of activities affecting exposure to risk.
The use of risk control methods in an organization can be based on criteria
applying generally to nearly all areas of activity including risk management:
a balancing of benefits against costs. In some instances/ external influences
such as state and federal governments mandate the use of risk control methods
or provide other incentives affecting the use of risk control. Where such
direct in­centives are absent, an even-handed balancing of benefits and costs
of risk con­trol often tends to understate its true benefits. This statement
is based upon three considerations: (1) the cost of risk financing is
commonly greater than the cost of losses, (2) losses typically generate
indirect or hidden costs that may not be revealed until the distant future,
and (3) losses can have effects outside an or­ganization.
Point 1 can be illustrated by considering insurance. The dollars spent for
in­surance include the insurer's charges for overhead, profits, taxes,
commissions, and so on. To the extent that risk control can prevent a loss,
the costs of the loss are saved but so are at least some of the
administrative and transactional costs. Even in situations in which an
organization self-finances losses, the savings de­rived would have to include
administrative costs necessary to self-administer the claims.
Points 2 and 3 are important. Almost invariably, a direct loss will generate
indirect, consequential, and time element losses. Some of the loss costs may
fall on society or on others, as when an organization pollutes the
environment. To the extent that losses are prevented or controlled, these
costs are eliminated and the case for risk control is further strengthened.
In Chapter 3 the subject of risk assessment was introduced and discussed.
That discussion explained that risk assessment involves a thorough and
critical analysis of the process through which gains or losses are produced.
The study and analysis of the sequence of events leading to such outcomes is
influential in the development of risk control solutions, since an
understanding of how out­comes occur very often leads to insights into
possible risk control methods. The linkage between risk assessment and risk
control becomes more explicit  by considering the "risk chain," a concept
that describes the process leading to loss as a linked chain of events. The
"links" in this chain are:
1. The hazard
2. The environment
3. The interaction
4. The outcome
5. The consequences.
The hazard is the condition that might lead to a loss, for instance, an
improperly maintained piece of heavy machinery. The environment is the
context in which the hazard exists, for instance, the shop floor where the
improperly maintained piece of machinery is located. The interaction is the
process whereby the hazard interacts with the environment, sometimes having
no effect and sometimes re­sulting in loss. For instance, a worker operating
this improperly maintained equipment might suffer injury because a protective
screen is not in place when a drill bit breaks. The outcome link is the
immediate result of the interaction, in this case a serious eye injury.
Finally, the consequences link refers not to the im­mediate outcome (the
injury) but rather the longer-term consequences of the event; a workers'
compensation claim, repair of the equipment, an OSHA penalty, and so on.
The risk chain is discussed here to show the relationship between risk
as­sessment and risk control. As part of risk assessment, a risk manager is
likely to analyze the nature of hazards within the organization, the
environment in which these hazards exist, the potential outcomes when hazards
interact with environment, the immediate outcomes of accidents and the
longer-term conse­quences. While this analysis is occurring, however, the risk
manager is quite likely to be considering possible strategies for managing a
particular risk. For instance, an analysis of the previously described risk
might suggest to the risk manager that machinery maintenance is a major part of
managing the risk, so adopting maintenance protocols for this equipment may
become the center-piece of the risk management plan for this particular area.
Readers interested in the risk chain concept are directed to Merkhofer's 
Decision Science and Social Risk Management (Merkhofer, 1987), which
develops a similar idea.
Risk financing methods are used by organizations to provide resources for
re­imbursing the cost of loss (insurance, for example). Most organizations
utilize some financing mechanism that transfers the risk to another party or
they retain the risk and absorb the cost of losses internally. Risk control
has a powerful re­lationship with risk financing because the control of risks
can have a significant effect on the frequency and severity of losses that
must be "financed."
The positive effects of effective risk control on an organization's risk
fi­nancing costs are likely to occur irrespective of the particular risk
financing methods used. If losses are retained, the benefit is obvious—losses
do not occur
and loss financing is not needed. Also, for most medium and large
organiza­tions, the pricing of insurance or other financing mechanisms is based
upon the principle that, over time, the organization will pay almost the (if
not the) full cost of its losses. That is, except for the rare
catastrophic loss, most organizations above a certain size ultimately pay for
all the losses they suffer. Therefore, any effort to control a risk will
usually have a positive effect on the cost of financing. While this may seem
obvious, the relationship sometimes escapes the attention of managers. As an
illustration, many managers hold the view that an injured worker collecting
workers' compensation benefits is "no longer the organiza­tion's problem"
because "workers' compensation will take care of the worker." This comment
could be made only if the manager fails to see that her organiza­tion's loss
experience and risk control efforts directly influence the cost of its workers'
compensation insurance.
As with risk control and risk assessment, the actual implementation of risk
control and risk financing activities rarely occurs in a sequential manner.
For ex­ample, an insurer may stipulate that certain risk control activities
occur as a con­dition of the insurance (risk financing) contract. These
activities might include the installation of a sprinkler system in a
warehouse or the adoption of stan­dardized safety procedures.
The term "risk control" traditionally has been applied to methods addressing
possible losses rather than gains. However, nothing about the concept of risk
control requires it to be limited to "pure" risks. It is true that risk
control meth­ods are limited by an organization's ability to exert an
influence on the fre­quency and severity dimensions of the risk; for
instance, an organization may have almost no control over the risk of changes
in the price of a widely held common stock. However, this does not preclude
the application of risk control to "speculative" risks. This is especially
the case because the organization fre­quently has control over its exposure
to "uncontrollable" risks. The organiza­tion can avoid the uncontrollable
investment risk mentioned above by not in­vesting in that particular company.
The concept of risk control applies to all risks, whether or not gains are
pos­sible. For a business, profit is the difference between revenues and
costs, both of which are uncertain. Most actions of managers affect both
revenues and costs. The pure/speculative risk dichotomy fails to
unambiguously classify the type of risks addressed by efforts such as quality
control, which can have effects on both future revenues (through enhancement
of perceived value) and future costs (through reduced warranty claims and
reduced injury costs).
Risk control applied to speculative risk is exemplified by a business
enter­ing a joint venture with a foreign-based marketing organization as a
means of gaining entry to a foreign market. On the one hand, the entry into a
foreign market is a deliberate acceptance of a new exposure to risk. On the
other hand, the joint venture agreement provides access to the skills,
knowledge, and con­tacts of the foreign-based organization; it also creates
an incentive for the for­eign organization to work towards the success of the
project. As a consequence,
the use of the joint venture tendsTcTmitigate tne exposure. inc luini ui 110^
^^. trol illustrated by this example can be described as rzsfc selection 
or selective expo­sure: the deliberate choice by an organization of
risks for which its knowledge and skills provide a relative advantage in
risk-bearing. A well-designed mission statement for an organization can offer
guidelines for selecting risks that are aligned with the organization's
Most organizations today would be unfamiliar with this interpretation of risk
control. For one thing, this definition seems to suggest the existence of an
organization "master plan" for risk control. That is unlikely to be the case,
be­cause most organizations continue to rely on specialists to control risk:
market­ing managers control marketing risk, finance managers control
financial risks, risk managers control pure risks, and so on. However, the
fact that organiza­tions do not, generally, coordinate their risk control
activities does not mean there is no value in doing so.
Risk Control
Risk management has been described as an "art," because creativity seems to
play an important role. The illustrations that follow emphasize that view.
The activities that constitute one organization's risk control efforts may be
quite dif­ferent from the efforts of a similar organization in another part
of the world. Or­ganizations vary as to their desire for risk control, and
any particular risk may be managed through a variety of techniques. Indeed, a
comprehensive list of risk control applications would be virtually endless,
limited only by the collec­tive imagination of the risk management community.
Although risk control programs can vary from organization to organization as a
consequence of creativity and innovation, a typology of risk control tools and
methods still exists. Risk control tools and techniques can be categorized as 
risk avoidance, loss prevention, loss reduction, information management, and
some types of risk transfers.
     Risk Avoidance
One way to control a particular risk is to avoid the property, person, or
activity giving rise to possible loss by either refusing to assume it even
momentarily or by abandoning an exposure to loss assumed earlier. The first of
these avoidance activities is proactive avoidance, while the second is 
Government and business risk management practices reveal several exam­ples of 
proactive avoidance. A leading chemical firm once planned to conduct a
series of experiments in a rural area containing a single small town. While
preparing for the experiments, the researchers discovered that the venture
might possibly cause extensive property damage to the community. The risk
manager was asked to purchase insurance against this possibility, but only a
few insurers were willing to provide the protection, and the premiums for
in­surance were much greater than the firm was willing to pay. Consequently,
the firm decided against conducting the experiments.
A governmental entity recently was bequeathed a small amusement park.
Risk Management Methods and Techniques
The park, which contained a number of antiquated rides for children, was
in­spected by the risk manager who determined that the rides were extremely
haz­ardous. After some negotiation between the government and the estate
execu­tor, the estate sold the rides for scrap and donated the vacant lot to
the government. That government converted the lot to an "open space" park,
which contains several gardens, fountains, and walking paths. In this case,
one might argue that the government did not proactively avoid the source of
the risk (the park), but it did avoid the hazards (the rides). Through such
an example, read­ers can see that avoidance is not always a clear-cut matter.
Indeed, in many cir­cumstances, successful avoidance may be as much a matter
of how the risk is defined as it is a matter of applying a technique.
Avoidance through abandonment is, perhaps, not quite as common as
proac­tive avoidance, but it does occur. A risk manager of a university may
recom­mend against serving alcoholic beverages at university-sponsored
functions be­cause of dram shop liability. A pharmaceutical firm may choose to
discontinue the production of some particular product when reports of serious,
and hereto­fore unknown, side-effects begin to surface. An apartment management
firm may decide to remove a swimming pool from its premises upon learning that
a majority of the renters have small children.
Avoidance is an effective approach to the handling of risk. By avoiding a
risk, the organization knows that it will not experience the potential losses
or the uncertainty that the risk may generate. However, it also loses the
benefits that may have been derived from that risk. Indeed, this very fact
often makes avoid­ance an unacceptable option. A particular activity—the
production of some product, the provision of some service—may provide
economic rewards whose expected value far exceeds potential loss costs at the
There are other circumstances when avoidance simply is not possible. The more
broadly the risk is defined (say, "property damage"), the more likely this is
to be the case. For instance, the only way for an organization to avoid
prop­erty damage is to sell all its physical assets. Or, for most college
students, the most significant risk they face is likely to be their future
earning potential, a risk that cannot be avoided. More narrowly, governments
(and particularly the courts) may impose legal expectations that cannot be
avoided. An employer cannot avoid the costs of financing the risk of
unemployment because partici­pation in the unemployment insurance program is
mandatory. The Occupa­tional Health and Safety Administration (OSHA) imposes
the risk of fines for employers who fail to meet safety standards. Finally,
such legal concepts as strict liability may impose a potential obligation or
duty upon an organization that cannot be avoided.
The context of the decision to avoid also may make avoidance impossible. A
risk does not exist in a vacuum, and a decision to avoid a risk might
actually create a new risk elsewhere or enhance some existing risk. For
instance, a city council was told that one of two bridges crossing a river in
the city center was in a state of serious disrepair. In response, the council
decided to close the bridge and divert all traffic to the second bridge. The
increased traffic load made failure of the second bridge more likely to
occur, and within a year that second bridge collapsed. Risks that most
organizations encounter often are interrelated
in some way, and the removal of one can adversely affect the risks remaining
in the "risk portfolio."
Finally, a risk may be so fundamental to the organization's reason for being
that avoidance cannot be contemplated. A mining concern may wish to avoid the
risk of tunnel collapse, but true avoidance would mean leaving the mining
Risk Control
     Loss Prevention and Loss Reduction
Loss prevention and reduction measures attack risk by reducing the num­ber of
losses that occur (i.e., loss frequency is reduced) or by mitigating the
amount of damage when a loss does occur (i.e., loss severity is reduced).
From a public policy perspective, loss prevention and reduction have the
distinct ad­vantage of preventing or reducing losses for both the individual
organization and society while permitting the organization to commence or
continue the ac­tivity creating the risk.
     Loss Prevention. Loss prevention programs seek to reduce the number of
losses or to eliminate them entirely. The earlier discussion of the risk chain
is im­portant to recall here, because loss prevention activities seek to
intervene in the first three links in the chain: the hazard, the environment,
and the interaction of hazard and environment. That is, loss prevention
activities are focused on:
1. Altering or modifying the hazard
2. Altering or modifying the environment in which the hazard exists
3. Intervening in the processes whereby hazard and environment interact.
The examples of loss prevention activities below illustrate how these tactics
focus upon each of the first three links in the risk chain.
     Loss Prevention Activities That Focus on the Hazard
1. Hazard: Careless housekeeping
Loss Prevention Activity: Training and monitoring programs
2. Hazard: Flooding
Loss Prevention Activity: Dams, water resource management
3. Hazard: Smoking
Loss Prevention Activity: Ban on smoking, confiscation of smoking materi­als
4. Hazard: Pollution
Loss Prevention Activity: Handling protocols for use and disposal of
pol­luting substances
5. Hazard: Icy sidewalks
Loss Prevention Activity: Shoveling, salting, heated walkways
6. Hazard: Radioactive materials
Loss Prevention Activity: Construction of appropriate barriers and contain­ers
7. Hazard: Drunk driving
Loss Prevention Activity: Prohibition, enforcement of ban, prison sentence
Risk Management Methods and Techniques
8. Hazard: Lack of information regarding some activity Loss Prevention
Activity: Research
     Loss Prevention Activities That Focus on the Environment
1. The Environment: A shop floor that could become slippery from oil spillage
Loss Prevention Activity: Installation of absorbent, non-skid mats
2. The Environment: Interstate highways
Loss Prevention Activity: Barrier construction, lighting, signs, and road
3. The Environment: Improperly trained workforce Loss Prevention Activity:
Training .
4. The Environment: Consuming public
Loss Prevention Activity: Adequate product instructions and warnings
5. The Environment: The drug-addicted population
Loss Prevention Activity: Counseling, treatment, detection
6. The Environment: Structures susceptible to fire Loss Prevention Activity:
Fire resistive construction
7. The Environment: Unlighted central city parking facility
Loss Prevention Activity: Lighting, escort, and security service
8. The Environment: Employees driving a fleet of delivery vehicles Loss
Prevention Activity: Driver's education training
     Loss Prevention Activities That Focus on Interactions of Hazard and En­vironment
1. The Interaction: A heating process that may overheat surrounding
equip­ment Loss Prevention Activity: A water-cooling system
2. The Interaction: Improper lifting of heavy crates by employees Loss
Prevention Activity: Lumbar support belts
3. The Interaction: Vehicle skidding on a slippery road Loss Prevention
Activity: Antilock brakes
4. The Interaction: Telephone line repairworkers working in Minnesota in
Jan­uary Loss Prevention Activity: Proper clothing, cold-weather work
5. The Interaction: Consumer use of a hazardous product
Loss Prevention Activity: Safety features, customer assistance
6. The Interaction: A city council deciding on proprietary matters
Loss Prevention Activity: Documentation of decision making, legal counsel review
7. The Interaction: An underground storage tank leaking fuel Loss Prevention
Activity: Double-seal tanks
8. The Interaction: Moving a production facility to an underdeveloped
coun­try Loss Prevention Activity: Host-government relations activities,
The purpose of these illustrations is not so much to identify the full scope
of ac­tivities that constitute loss prevention as it is to give the reader a
general sense of the variety of loss prevention activities; these
illustrations also reinforce the
point made earlier that loss prevention activities will likely be quite
specific to the problem or risk confronting the organization.
Loss Reduction
Loss reduction programs are designed to reduce the potential severity of a
loss. A sprinkler system is a classic example of loss reduction; because fire
is required to activate the sprinklers, such a system does not reduce the
probability of loss. Instead, a sprinkler system reduces the amount of damage
if a fire occurs.
Loss reduction activities are post-loss measures. Although such measures may
be planned prior to any loss, their function or purpose is to minimize the
impact of losses that occur. Loss reduction programs are a tacit admission on
the part of the risk manager that some losses will occur, despite an
organization's best efforts. Therefore, steps should be taken to control the
loss and reduce its potential severity.
Earlier, the concept of a risk chain was invoked to illustrate how loss
pre­vention addressed the first three links in the chain. Loss reduction
focuses upon the third link (occasionally) and the fourth and fifth links
(more commonly): the interaction link, the outcome link, and the consequences
link. A loss reduction effort may address the interaction link only insofar
as the measure intervenes to stop a loss in progress. A clean-agent (gaseous)
fire suppression system offers a good illustration: the interaction of hazard
and environment results in the ig­niting of combustible materials. While this
interaction is occurring, the gaseous suppression system responds and reduces
the ultimate impact of the fire.
The fourth and fifth links are addressed after a loss has occurred and the
risk manager must minimize the outcome and the consequences of the loss. For
example, a worker suffers serious burns to his arms and legs. Assuring that
this worker is sent promptly to a burn treatment center with the appropriate
exper­tise is a loss reduction measure.
One widely used loss reduction measure is salvage. Rarely will a loss be
total, and a risk manager may minimize the loss through salvaging the
prop­erty. A car can be sold for scrap, while a damaged but repairable piece of
equip­ment may be sold to a secondary market. Insurance companies employ
salvage extensively to minimize the impact of losses they pay and risk managers
have emulated this loss reduction technique.
A somewhat related loss reduction technique is commonly identified by the term 
subrogation. When an insurance company pays a claim to a policyholder, there
may be an opportunity for the insurer to seek reimbursement from a neg­ligent
third party in the claim. After the insurer has paid the claim, the insured's
common law right to collect from the negligent third party becomes
"subro-gated" (that is, it is transferred) to the insurer. If the insurer can
successfully col­lect, its recovery has reduced the impact of the claim on the
insurer. In a risk management setting, an employer who has a self-insured
workers' compensa­tion program may seek reimbursement for benefits paid to an
injured worker by filing a lawsuit against a negligent third party who was
responsible for injuring the worker (e.g., the manufacturer of an industrial
machine that injures the worker).
As a practical matter, subrogation might also be reviewed as a loss reduction
measure that addresses longer-term consequences of a loss. Subrogation is one
type of litigation management tool, litigation management being a set
of strategies or tactics that seek to control or reduce the impact of a legal
action arising out of a loss that has occurred. Among the specific methods
employed are arbitration, mediation, and other alternative dispute resolution
tools; litiga­tion strategy and philosophy; settlement strategies; and public
relations efforts to manage the "court of public opinion."
Loss reduction seeks to reduce the impact of loss either through controlling the
event as it occurs, controlling the immediate outcome of the event, or
con­trolling the longer-term consequences of the event. Catastrophe or 
contingency plans are an integrated approach to loss reduction. A
catastrophe plan is an or­ganization-wide effort to identify possible crises or
catastrophes and develop plans for responding to such events. Catastrophe
planning usually involves a fairly lengthy process of research and evaluation
that ultimately yields a con­tingency plan for possible use in the event of a
catastrophe. Among the activi­ties that might become part of a catastrophe plan
1. Cross-training employees
2. Back-up, off-site storage of computerized records
3. Updating of fire suppressant system
4. Securing of credit from lending institutions
5. Training of employees on emergency safety procedures
6. Disaster training/planning with fire department or similar governmental
organizations (Federal Emergency Management Agency—FEMA—for ex­ample)
7. Cold- or hot-site backup computer facility
8. Construction modification, such as installation of firewalls
9. Development of community relations strategy 10. Creation of an Emergency
Response Team or Committee.
As can be seen, catastrophe planning is similar to loss prevention activities
in that specific activities are dictated by details peculiar to the
organization's sit­uation and preferences. Catastrophe plans vary
considerably between organi­zations.
Catastrophe or crisis management is a topic that has become a separate topic of
study in recent years. For example, Laurence Barton's Crisis in
Organi­zations: Managing and. Communicating in the Heat of Chaos (Barton,
1993) presents a thorough introduction to catastrophe management. Barton
details the devel­opment of a crisis management plan, the designation of a
crisis team, and the imposition of a level of crisis-preparedness on an
organization. A technical un­derstanding of catastrophe management is essential
for the risk manager, but there is some danger in decoupling catastrophe
management from the broader subject of risk management. Catastrophe plans are
much less likely to succeed if imposed upon an organization that has no
existing risk management culture in place at the time of a disaster.
A special case of loss reduction, suggested by Dr. George Head (Head, 1986),
is duplication of an existing asset that is not used unless something
hap­pens to the original asset. Spare parts or duplicate machinery illustrate
the con­cept. Duplication often is used in cases in which an indirect loss,
such as loss, of  use arises from direct damage to the asset. In such cases,
duplication reduces the amount of damage if a loss occurs by reducing or
eliminating the indirect loss. Duplication often serves in the dual roles of
loss prevention and loss reduction. Duplication reduces the probability of an
indirect loss because the duplicate may be available for use if the original
asset cannot be used. Backing up com­puter files and storing the backup
records off-site is perhaps the most vivid il­lustration of the value of
duplication, since the loss of employee records, ac­counts receivable,
transaction documentation, or other financial information could be a serious
problem for an organization.
     Separation offers a final illustration of a loss reduction technique.
Separation is a technique by which an organization attempts to isolate its
exposures to loss from each other instead of allowing them to be vulnerable to
a single event. Fire walls within a structure are an example of separation;
dividing the interior of the structure into a number of compartments separated
by fire-resistant materi­als tends to confine the damage to a single
compartment if a fire occurs. Another example of separation is a rule requiring
employees in a retail establishment to move cash accumulations over a stated
amount from cash registers to a more se­cure location, such as a bank vault. A
third example of separation is a rule re­quiring the storage of vehicles in a
fleet in diverse locations rather than a single place. The motive behind
separation is to reduce any dependency between an organization's exposures to
loss by reducing the likelihood that a single event could affect them all.
The act of separation does not necessarily reduce the chance of loss to a
sin­gle exposure unit, although it tends to reduce the chance of a
catastrophic loss. The effectiveness of separation may depend on the type of
asset and the cause of possible loss. For example, storage of inventory in
several warehouses dis­persed throughout a one-square-mile area may reduce
the likelihood of a cata­strophic fire loss. If the warehouses are located in
a coastal area, however, they still may be vulnerable to catastrophic damage
from hurricanes.
Risk Control
     Information Management
Chapter 1 explained how the reduction or resolution of uncertainty has
eco­nomic value, and how information can reduce or resolve uncertainty.
Informa­tion emanating from an organization's risk management department can
have important effects in reducing uncertainty in an organization's
stakeholders. To realize the maximum benefit from a loss control program, for
example, the pro­gram's objectives and its favorable effects can be
communicated to stakeholders having an interest in the outcome: employees,
regulators, insurers, and for a government entity, taxpayers. Having an
effective loss control program in place goes only part of the way toward
meeting the organization's objectives if the in­formation describing its
effectiveness never reaches the organization's stake­holders whose interests
are affected.
Communication from an organization's risk management department con­veys
information describing the effectiveness of loss control measures and the
intent of the department's future actions. Loss occurs as a result of natural
forces and the actions of humans, and uncertainty can arise from imperfect
knowledge along either dimension. Lack of information can cause stakeholders
to become
Risk Management Methods and Techniques
uncertain about the nature of the organization's actions with respect to
matters affecting their interests. Their uncertainty leads them to charge a
higher price for their goods and services or to demand safeguards or
restrictions having an unfavorable effect on the organization. Credible
information from the risk man­agement department can provide these
stakeholders with the assurance that the organization has not and will not
take actions that are detrimental to their interests.
Another area in which communication can reduce uncertainty involves
in­dividuals' awareness of the loss-causing process; the risk chain, for
example. Knowledge of the process by which hazards evolve into injuries can
reduce un­certainty in affected parties, as the awareness allows better
forecasts of the con­sequences of actions. For example, employees' awareness
of the circumstances leading to possible injury can alert them to situations
requiring preventive ac­tion. One possibility for enhancing this awareness is
a reporting method and system of rewards for employees who make suggestions
leading to safer practices.
     Risk Transfer
     Risk transfer is a risk control tool that causes some entity other than
the one ex­periencing the loss to bear the burden of the loss. Transfer may be
accomplished in two ways. First, the property or activity responsible for the
risk may be trans­ferred to some other person or group of persons. For example,
an organization that sells one of its buildings transfers the risks associated
with ownership of the building to the new owner. A general contractor who is
concerned about possi­ble increases in the cost of labor and materials needed
for the electrical work on a job to which he or she is already committed can
transfer the risk by hiring a subcontractor (with a fixed price contract) for
this portion of the project. This type of transfer, which is closely related to
avoidance through abandonment, is a risk control measure because it attempts to
eliminate exposure to potential loss that otherwise could strike the
organization. Risk transfer differs from avoid­ance through abandonment because
a transferred risk results in an exposure for some other entity. An abandoned
risk is passed to no one.
Second, the risk, but not the property or activity, may be transferred—usu­ally
by contractual agreement. For example, a lease may shift to the landlord the
tenant's responsibility for negligent damage to the landlord's premises. A
re­tailer may assume responsibility for any damage to products that occurs
after the products leave the manufacturer's premises even if the manufacturer
other­wise would be responsible. A customer may give up the right to sue a
business for bodily injuries and property damage sustained because of defects
in a prod­uct or a service. The contracts that implement such transfers are
called "excul­patory contracts." In a risk control transfer, the transferee
(the party accepting the risk) excuses the transferor (the party transferring
the risk) from liability. The transferor's exposure is eliminated. The above
examples of exculpatory contracts, if upheld by courts, are risk control
transfers. However, a promise by the transferee to reimburse the transferor for
damage is not a risk control trans­fer, as the transferor still faces
the risk. Such a promise is an example of a risk fi­nancing transfer, which is
covered in the next chapter.
Although the distinction between risk control and risk financing transfer may
appear to be semantic, it can have economic consequences when the trans­feree
becomes insolvent or otherwise unable to pay for the damage. Also, a risk
financing transfer may limit the transferee's liability, after which point
the burden of loss again falls on the transferor. For example, leases of
business property often require the tenant to reimburse the landlord for fire
damage to the rented premises even if the tenant is not negligent. Under a
purchasing agreement, a retailer may secure a promise from a manufacturer to
reimburse the retailer for any payments to third parties arising from defects
in the manufacturer's products. As part of a bailment agreement, a laundry
may accept responsibility for damage to customers' property even if the
laundry, except for the agreement, would not be liable. In each of these
instances, the transferor bears the economic burden of damage if the
transferee is unable to pay.
Risk control transfers involve only the transferor and the transferee; risk
fi­nancing transfer, however, may involve others. A transferee cannot excuse
a transferor from any liability the transferor may have to third parties
because the third parties are not part of the agreement; the law does not
allow the rights of third parties to be reduced by this transfer. The
transferee can, however, agree to finance any losses that otherwise may have
been financed by the transferor.
Unless a risk control transfer is declared illegal, it offers complete
protection for the transferor. The burden of the risk falls completely on the
transferee. Under a risk financing transfer, in contrast, if the transferee
fails for any reason to provide the promised funds following a loss, the
transferor bears the loss. A single agreement may result in a risk control
transfer with respect to some po­tential losses and a risk financing transfer
with respect to others. For example, a lease may excuse the tenant from
responsibility for any damage to the premises (risk control) and obligate the
landlord to finance any liability of the tenant to others arising out of
activities on the premises (risk financing).
Nothing in the above discussion implies that a risk control transfer is
cost­less for the transferor. Where a fixed price contract is used to
transfer the risk of possible increases in the cost of labor and materials to
a subcontractor, for ex­ample, the fixed price of the contract reflects the
value of the risks being trans­ferred. Recognizing this point, rational
parties would be expected to transfer a risk only when the transferee
possesses a relative advantage in controlling or otherwise managing and
bearing the risk. Where the transferee is at a relative disadvantage, the
price of the transaction from the transferor's point of view is affected
adversely; the transferee charges too much to accept the responsibility for
managing the risk.
Risk Control
Reasons other than self-interest motivate organizations to practice risk
control. A number of private and nonprofit organizations promote and
encourage risk control activities. Federal and state governments also promote
and encourage risk control, and in some cases mandate that risk control
activities be under­taken.
Risk Management Methods and Techniques
     Private and Non-Profit Efforts
A partial listing of private and nonprofit groups active in the area of risk
control suggests the range of activities and services. The National Safety
Council is per­haps the most well-known of these groups. The Council includes
among its members individuals, business firms, schools, government
departments, labor organizations, insurers, and others. It assembles and
disseminates information concerning many types of accidents, cooperates with
public officials in safety campaigns, encourages the establishment of local
safety councils, and helps members solve their own safety problems. Other
examples are the American In­surance Association, an organization of insurers
that publicizes the extent and causes of fire losses, investigates suspected
cases of arson, grades municipalities according to the quality of their
exposures to fire and their protection against fire loss, and suggests codes;
the Underwriters Laboratories, another insurance-sponsored organization that
tests equipment (television sets, electric wiring, safes, etc.) to determine
whether it meets safety standards; the National Fire Protection Association,
which establishes standards and codes, stimulates local loss control
activities, and promotes fire safety, educates the public, and en­courages
its members, including public officials, to adopt its suggestions; the
In­surance Institute for Highway Safety, which provides financial assistance
for other organizations engaged in traffic safety work and also provides
direct as­sistance in selected states; and the National Automobile Theft
Bureau, whose name indicates its concern. Individual insurers also maintain
engineering or loss control departments to study risks faced by their
insureds, and suggest ways in which these risks might be reduced. Insurers
also provide posters, films, pamphlets, and conduct safety classes.
Because unions are concerned with all matters affecting working condi­tions,
they also are active in loss control. Unions tend to strongly support
gov­ernment regulations to improve workplace safety; they belong to the
National Safety Council and similar organizations, and they often demand new
or more intensive loss control from employers.
     Governmental Efforts
Government is involved in loss control because (1) the public interest often
re­quires the government to enact legislation requiring all industries to
provide in­formation, meet certain standards, and stop undesirable practices,
and (2) the government can provide certain services, such as those of fire
departments, more economically and efficiently than can scattered private
firms. The govern­ment exercises this responsibility through a variety of
educational efforts (pam­phlets, posters, and conferences) and through
statutes and codes regulating building construction, working conditions,
safety equipment and safety cloth­ing, maximum occupancy in rooms and
elevators, sewage disposal facilities, and the operation of motor vehicles.
This duty is met through inspections de­signed to enforce the statutes and
codes, by police and fire departments, reha­bilitation programs, the
assembling and dissemination of statistical data related to loss prevention
and reduction, and by the conduct and encouragement of re­search activities.
Economists note that certain aspects of some risks lead to a demand for
gov­ernment involvement. Two characteristics that should be mentioned are 
exter­nalities and public goods. Externalities are costs or benefits
that are not captured in the ordinary functioning of a market. Pollution is a
commonly cited example of an externality. A manufacturing firm may pollute the
environment/ harming a neighboring community. The cost to the community will
largely, if not com­pletely, escape the pricing of the good produced by the
A public good is a good or service that cannot be limited to purchasers of
the good. National defense is often cited as an illustration of a public
good. By its nature, a national defense is available to everyone, whether
they pay for that service or not. This inability to discriminate between
buyers and nonbuyers leads to a phenomenon known as the "free rider." Free
riders are those individ­uals or organizations that enjoy the benefits of a
good or service while avoiding the cost or price of that service.
In both cases, externalities and public goods, the government may be
ex­pected to intervene to direct the costs of goods and services (or risks)
to the ap­propriate parties.
Perhaps the best-known government intervention in the realm of risk
man­agement is the Occupational Safety and Health Administration. In late
1970, Congress passed the Occupational Safety and Health Act (OSHA), an
extremely important piece of safety legislation. OSHA applies to private
employers of one or more persons (the self-employed are exempted) engaged in
a business af­fecting interstate commerce, except for some employers subject
to special fed­eral legislation such as the Federal Coal Mine and Safety Act.
About three-fourths of the civilian labor force is affected. Federal
government employees are covered under a separate federal program. State and
local governments histor­ically have been exempt. States may assume
responsibility for developing and enforcing occupational safety and health
standards under plans approved by the Secretary of Labor. The state standards
must be at least as stringent as the counterpart federal standards. Many
states have developed plans that have been accepted by the federal
government. Indeed, many state plans impose standards that are stricter than
the federal law. For instance, federal law re­quires states that assume
responsibility for occupational safety and health to in­clude governmental
entities as covered organizations under OSHA.
Under the Occupational Safety and Health Act/ the Secretary of Labor
es­tablishes safety and health standards and enforces compliance with these
stan­dards. Voluminous standards have been developed. Many are "consensus"
safety standards previously developed as voluntary guidelines for business by
private associations, such as the American National Standards Institute and the
National Fire Protection Association. Other standards are based on federal
reg­ulations developed earlier for contractors and maritime industries. Still
others are new standards proposed by the Secretary after consultation with an
OSHA Standards Advisory Committee. Proposed new or revised standards must be
published in the Federal Register. Interested parties have 30 days in
which they can comment informally on the proposal. Affected parties also have
60 days after a standard is promulgated to challenge the standard before the
U.S. Court of Appeals. An individual employer may apply for a temporary
variance from a standard in order to have more time to comply. The employees of
such an employer must be aware that the employer has applied for this variance
and be al­lowed to appear at the hearing on the application. Illustrative
standards include:
1. All places of employment, passageways, storerooms, and service rooms shall
be kept clean and orderly and in a sanitary condition.
2. Portable wood ladders longer than 20 feet shall not be supplied to workers
(the standard on portable wood ladders alone fills more than 15 pages).
3. In the absence of an infirmary, clinic, or hospital in near proximity to
the workplace which is used for the treatment of all injured employees, a
per­son or persons shall be adequately trained to render first aid.
To check compliance with these standards, federal inspectors have the right
to enter without notice, but at reasonable times, any covered establishment.
An employee can also request such an inspection by describing in writing what
he or she considers to be a serious violation of some standard. The name of
the complaining employee may not be revealed to the employer. During an
inspec­tion the employer and an employee representative may, upon request,
accom­pany the inspector. As a result of a court decision in the late 1970s,
an employer can require the inspector to obtain a warrant for the search.
If an inspector discovers a violation that is more than de minimus, the
in­spector is directed to issue a written citation decribing the violation 
(de minimus means no direct or immediate relationship to job safety and
health, e.g., no toi­let partitions). This citation must be posted near the
location of the violation. Within a reasonable time the employer must remove
the hazard.
If death or serious physical harm could have resulted from the violation, the
citation means a mandatory penalty up to $1,000. Less serious violations may
entail smaller penalties, but the penalties still can range up to $1,000. If
the em­ployer fails to correct the violation within the time stated in the
citation, he or she may be penalized up to $1,000 each day the
violation continues. Penalties of $10,000 per violation may be levied for
willful or repeated violations. If a will­ful violation results in the death of
an employee, the employer is either fined $10,000 or imprisoned up to six
months. These penalties are doubled if such a fatal willful violation is
repeated. An employer can appeal citations before a judge acting on behalf of
the three-member Occupational Safety and Health Commission, which administers
the safety standards portion of the act. Any one of the three commission
members can demand a review of the judge's decision by the entire commission.
Commission orders may in turn be appealed to the U.S. Court of Appeals.
In addition to meeting certain health and safety standards, employers of
eight or more employees must maintain and make available to government
rep­resentatives accurate records of work-related deaths, illnesses, and
injuries that cause the employee to miss work. These employers also must
maintain records of injuries without lost workdays that result in medical
treatment beyond first aid, diagnoses of occupational illness, and injuries
involving loss of conscious­ness, restriction of work or motion, or transfer
to another job.
Under a High-Risk Occupational Disease Notification and Prevention bill, also
known as the "Right to Know" bill, the Department of Health and Human Services
identifies hazardous substances and notifies current and past employees who
have been exposed to these hazardous substances. Private employers        
193 are required to pay for medical screening of these employees and either
provide      chapter 8 other employment for a worker with an
occupational disease or permit the     Risk Control worker to
resign and receive one year's salary. Many employers object to the high costs,
including workers' compensation costs/ that this program imposes.
OSHA requires that employees be notified of their rights under the law. They
must also not be discharged or harassed because they exercise these rights.
In the 1993-1994 session, both houses of Congress began considering sev­eral
major reforms of OSHA. Although it is impossible to describe the outcome of
these deliberations, certain features appear likely to emerge. First,
employers may be required to take further steps to promote workplace safety,
including the development of safety plans and the creation of safety
committees to over­see the execution of safety plans. Reporting procedures
are likely to change as well. The biggest change is likely to occur in the
area of inspection and enforce­ment. Under various proposals,
responsibilities for compliance may shift to the employers. For instance, it
is possible that employers will be required to con­tract with a private
inspection service and submit to an inspection—the report of which would be
submitted to OSHA. Such a reform measure would allow OSHA to reduce its own
inspection activities, while actually increasing the amount of safety
inspecting that would be done.
As a final note, readers should be made aware of the great difficulty risk
managers can face in keeping abreast of government mandates. At any given
moment an organization may be required to understand and comply with dozens
of regulatory mandates pertaining to risk control. Further, new direc­tives
and laws are emerging all the time, so risk managers need to spend a cer­tain
amount of time studying legislative activity. For example, between 1994 and
1998, most governmental risk managers will face over 20 new regulatory
re­quirements (PRIMA, 1993). A partial listing of those requirements
1. Five compliance provisions arising from the Americans with Disabilities Act.
2. Four new compliance directives from the EPA covering underground stor­age
3. Three new requirements promulgated by the EPA for municipal solid waste
4. Two new EPA requirements for the control and disposal of sewage sludge.
5. A special OSHA directive for working in confined spaces.
6. A second OSHA requirement covering the reporting of workplace injuries and
7. Two new Department of Labor requirements arising from the Family and
Medical Leave Act.
8. Two IRS directives which apply to pension nondiscrimination rules.
     Key Concepts
     risk control Those techniques, tools, strategies and processes that seek
to alter the organization's exposure to risk by
avoiding, preventing, reducing, or other­wise controlling the frequency
and/or magnitude of risks and losses or gains.
Risk Management Methods and Techniques
     subrogation The legal transfer of a right, discussed in this chapter as a
loss reduc­tion tool.
     catastrophe management plan An orga­nization-wide loss reduction plan for
controlling the indirect, consequential, and time element losses associated
with a catastrophic event.
     information management (as a risk re­duction tool) The use of information
for the express purpose of reducing un­certainty, or for enhancing stakeholder
awareness or knowledge of organiza­tional risks.
     the Occupational Safety and Health Ad­ministration (OSHA) A significant
government program that promulgates and enforces workplace safety stan­dards.
     risk selection The control technique best described as the conscious
acceptance of risk in accordance with an organiza­tion's overall goals,
objectives, and risk-taking philosophy.
     risk financing Those tools and tech­niques used to finance the cost of
risks and losses.
     risk avoidance A risk control technique whereby a risk is proactively
avoided or abandoned after rational consideration.
     loss prevention Those strategies and ac­tivities intended to reduce or
eliminate the chance of loss.
     loss reduction Those activities that min­imize the impact of losses that
do occur.
     the risk chain A simple model of acci­dents that interprets those
accidents as consisting of five elements or "links":
the hazard, the environment, the inter­action, the outcome, and the
Review Questions
1. Distinguish between risk control and risk assessment. How are they related?
2. What is the relationship between risk control and risk financing?
3. Give three examples of how risk avoidance might actually harm an
4. How is proactive avoidance different from abandonment?
5. Consider some current event in which a loss has occurred, for example.
Hurricane Andrew, the Los Angeles riots, the earthquake in Cairo, Egypt.
Using the risk chain concept, break the event down into:
a. The hazard
b. The environment
c. The interaction
d. The outcome
e. The consequences.
6. With respect to the event you identified in question 5, does this analysis
suggest any possible risk control activities?
7. Classify each of the following as to whether they are loss prevention or
loss reduc­tion activities:
a. Oily rags and paper are cleaned up or disposed of each day.
b. Nonslip treads are placed on each stairway.
c. Brakes on delivery vehicles are inspected each week.
d. Safety meetings are held each month.
e. A take-over target is evaluated for its past risk management activities.
f. Machines are equipped with safety guards.
g. All key employees are required to take an annual physical evaluation.
h. A new product is manufactured during a slack period.
i. Board of director decisions are recorded and documented.
8. Describe briefly the responsibilities imposed on employers by OSHA.
9. Why is separation considered a loss reduction activity?