Risk Management and Insurance - Coursework Example

Risk management Risk management Table of contents Introduction…………………………………………………………………………………4 Identification of risk…………………………………………………………………………..4 Risk assessment………………………………………………………………………………..6 Composite risk index…………………………………………………………………………….8 Risk options………………………………………………………………………………………9 Potential treatment of risks………………………………………………………………………10 Risk planning……………………………………………………………………………………12 Documentation of risk planning…………………………………………………………………13 Red flag list of items……………………………………………………………………………14 Risk charters……………………………………………………………………………………..14 Risk management plan…………………………………………………………………………..15 Implementation…………………………………………………………………………………..16 Review and plan evaluation……………………………………………………………………18 Bibliography…………………………………………………………………………………….19 Introduction The main question for this assignment is what, apart from insurance, is the best alternative course of action to manage the risk of fire? Since the insurance premiums seem to be high, the organization has to come up with another alternative course of action to manage its risks. After identification of the potential risk facing the organization, the next step is to assess the risk to identify its likelihood. Later, an identification of the possible risk solution is conducted followed by creation of a risk management plan. The management plan outlines the possible courses of action. This step is later followed by the implementation stage where the identified courses of action are implemented. An evaluation is then conducted to determine whether the course of action identified is effective. If it is effective, it is improved but if not, it is changed to accommodate a more effective action. Identification of risk The first step in this endeavor to come up with the best alternative course of action is identification of the potential risk. Risks are events that cause problems or even benefits whenever triggered (Broad 2013). Hence, to identify the risk, it is important to consider the source of the problem. Source analysis includes analyzing any possible source of the risks, which could be internal or external. Problem analysis, on the other hand, identifies that risks are related to various identified threats. For instance, losing money is a threat. After identifying the source and the problems, then the events leading to a problem may be thoroughly investigated. Then a method is chosen to identify the risk involved depending on compliance, culture and the practice of the industry. (Hopkin 2012) There are various common methods of risk identification: i. Identification based on objectives of the organization in question. Any event that may hinder an organization from achieving its objectives is a risk. ii. Scenario based where a list of scenarios is created and used to identify a risk involved. The scenarios created may be other means of achieving the set objectives. Any event that brings up an undesired scenario is seen as a risk. iii. Taxonomy based where a breakdown of all possible causes of risks is conducted. A questionnaire is then compiled and answers to it reveal the risks involved. iv. Risk checking- a list of common risks is complied and then each risk checked for possible application in a particular situation. The risk identified in this case is the risk of fire. It is important that courses of action are put into place to prevent possible losses of assets and lives due to a fire outbreak. Risk Assessment After identifying the risk, it is then assessed based on the severity of the impact they bring along and the probability of it occurring. The probability of fire occurring in an organization is quite high due to use of electricity in the organization more so if the organization is a large one. The possibility of electricity fault occurring is high leading to a fire outbreak in such an organization (Information 2010). It is important to make the best decision in the assessment process in order to make and implement a risk management plan. There is a difficulty in determining the occurrence rate since there are no statistical data on all kinds of accidents in the past. It is also difficult to determine the severity of impact on intangible assets. (Davis & Jarvis 2009) Asset valuation is also an important point of consideration. Thus, it is important that educated opinions and statistics become the primary information sources. The assessment conducted should enable the management with easy to understand primary risks and enable prioritizing the important risk management decisions. In case of the risk of fire, it important for the organization to carry out the following assessment: i. Identify the hazards brought about by fire ii. Identify the potential individuals at risk iii. Evaluate and reduce the risks involved iv. Record findings and come up with an emergency plan and train individuals at risk v. Regularly review and update the assessment of the fire risk It is also important for the organization to calculate the risk quantification, which the probability of the risk occurring multiplied by the impact of the risk is equal to the magnitude of the risk. Composite risk index The formula given above can be rewritten as follows: Composite risk index=impact of the risk multiplied by the probability of occurrence of the risk. The impact is assessed on a scale of one to five where one is the minimum and five the maximum impact of occurrence. These numbers, however, have to be represented in a linear scale (Shelly & Rosenblatt 2010). On the other hand, the probability of occurrence is also assessed on a scale of one to five. One is a low probability while five represent the risk’s highest probability to occur. The composite index is composed of numbers from one to twenty five sub-divided into three sub ranges. The overall assessment of the risk is high, low, or medium depending on the sub-range that contains the calculated value of the shown composite index. The probability of occurrence of a risk is difficult to make estimation due to the unavailability of past frequencies of data. The impact of the risk is also difficult to estimate. The two factors can also change depending on the risk avoidance and the prevention measures taken plus the changes seen in the external environment of the business in question. Thus, it is important to reassess the risks involved and make the necessary changes in prevention procedures set out. This is done by calculating the composite index, which determines the risk’s probability Risk options The appropriate measures of risks mitigation are conducted according to the following set risk options: i. Design a new business that incorporates built in measures of controlling risks from the start ii. Make the periodic assessment of risks a routine measure of the organization and modify the measures of mitigation iii. Transfer risks to an external agency for instance an insurance company. In this case, this option is not applicable due to the high insurance premiums involved. That is why the organization is looking for an alternative course of action. The financial benefit associated with management of risks depends on the used formula and the frequency of risk assessment. (Hassett 2008) Potential treatment of risks i. Avoid potential risks ii. Reduce the risks involved and absorbing them iii. Reduced by a certain alternative approach iv. Retention by accepting them and conducting a budget v. A combination of the above options vi. Handled by the combination of all these options These options lead the organization to come up with the following strategies: Avoidance- the team comes up with a plan to eliminate the risks involved or protect the impact of the risks from affecting the organizational objectives (Michael Land 2013). Though avoidance acts seems to be the answer of all risk, the organization could miss the advantages that may result from accepting and retaining the risk. Mitigation involves the team reducing the probability of an event of a risk. It involves reducing the probability of the risk occurring. The management team can identify that risks can either have positive or negative consequences that reaching a risk optimization level. An example of risk reduction is outsourcing. The outsourced company demonstrates high capability of managing the risks involved to the benefit of the outsourcing company. Risk sharing- the organization can transfer the risk involved to a third party either through outsourcing or insurance. Other ways of risk transfer falls into various multiple categories. For instance, in risk retention pools, a group is helped to retain its risks. However, spreading the risks over the entire group involves transferring it among individual group members. This may be different from insurance since there are no premiums charged between the involved members. Losses are assessed and spread to all group members. Risk retention-involves accepting the loss or the benefit of a risk. It involves the process of true self-insurance. It is a possible strategy where the risks involved in insuring against a risk is great than the sustained total losses. All those risks that are retained by default. This includes all those risks that are large or even catastrophic that it is impossible to insure against them. Retained risk also includes any amount undergone over the insured amount. This is possible where the chances of a large loss are minor or if the costs involved in insuring a large loss are great that they can prevent the organization from achieving its goals. Risk planning It involves development, implementation, and the monitoring of the recommended risk response strategies (Tomczyk 2013). It involves: Developing and documenting an organized and a comprehensive strategy of risk management Determine all the applicable methods of executing the management of risk Plan for the availability of adequate resources The process of risk planning includes describing and coming up with a schedule of activities to asses, monitor, mitigate, and even document the risks involved in a project. For high degree of risks involved, the results should be documented in a formal management plan of risks. It commences by developing and documenting a strategy of risks. The initial efforts involves coming up with purpose and objectives, identify the level of expertise needed and come up with the necessary report requirements and even metrics. Documentation of risk planning It is recommended that all risks are documented but the details available depend on the attributes of each project. Large projects with very high uncertainties levels are documented on a formal management plan of risks. These plans record all aspects of identification, assessment, analysis, allocation, and documentation of risks. Much smaller projects only require documentation in an item list of red flag item that is updated at critical milestones throughout the entire project. Red flag list of item It is created at the earliest stage of development of a project and maintained as a checklist during the development of a project. Not all projects of risk management require a detailed risk management process and the red flag is the easiest way out. It identifies risks and focuses the attention on important items that can affect the cost and schedule of a project. These issues are identified in a red flag list, which is kept as the project progresses. As a result, the leader of the project has an upper hand in coming up with the right contingencies and risks control. Risk charters It is a more formal method of risk identification than the red flag. It is part of a management of a risk plan. It provides the managers of the risk with significant risks with important information about the cost and impact of such risks. It also tracks the magnitude of potential risks and schedules the impact of the risks throughout the development of the project. It has more detailed information about the potential impact of the identified risks and the planning of the mitigation process. It enables the identification, communication, monitoring, and the control of risks. It is based on either a qualitative or quantitative risk assessment. It contains the following information: Description of risks Status of risk Date the risk was identified The phase of the ongoing project of the organization Functional assignment Risk trigger The percentage of the probability of the risk occurring Impact of the identified risks The response actions Responsibility Risk management plan The team strategy to manage risk provides the team of the project with the direction and the basis for planning. The plan is developed during the planning process and updated in the subsequent phases of project development. It involves the selection of appropriate countermeasures to deal with each identified risk. The mitigation of risks requires appropriate approval by the management. Such a risk involving fire should have the top management of the organization deal with it since it poses a potential threat to the whole organization. The management plan comes up with appropriate security controls for the risk, which are effective. There should be a risk treatment plan to document decisions about how each risk identified was handled. Mitigation of risks involves selecting security controls, which are documented in an applicability statement. Such a statement identifies various measures of control objectives selected and the reasons for those selections. The organization needs to consider the various control measures applicable: Create emergency routes plus exits Come up with fire detection and systems of warning incase of a fire outbreak Having firefighting equipment in place The removal or storing dangerous substances that can explode safely Coming up with an emergency evacuation plan in the event of an emergency fire outbreak Providing valuable information on all the employees and other individuals in the premises Providing effective training on fire safety for the staff in the organization Implementation It follows all the planned methods of mitigating the effects of the risks of fire. Since insurance policy is not an option for this organization due to the high price associated with the premiums. That is why the organization has to implement another course of action. The best course of action is for the organization to come up and implement the avoidance plan and strategy. The organization can consider the control measures set up in the risk management plan to ensure that the likelihood of a fire outbreak in the organization is small. The organization can ensure that they come up with an evacuation plan in case of a fire outbreak. They should train their employees on measures of fire safety and align fire-fighting devices in strategic places in the organization. The organization can also ensure that they have set up various emergency exits in the organization and created awareness on the employees on the dangers associated with a fire outbreak. With such preventive measures, the organization can come up with an effective avoidance strategy of the risk. Review and plan evaluation The initial management plans of risks are never perfect. That is why it is important for the organization to practice, experience and have actual losses necessitating for making changes in the plan. It also allows for the contribution of information to enable various decisions in dealing with the identified risk. The organization should ensure that they regularly update the results of risk management plans. The reasons for this move include identifying whether the selected security controls still posses their applicability and effectiveness. The second reason is to evaluate the changes of the possible levels of risk in the organization. If the risk levels remains the same even after the application of the security controls identified, then the controls should be changed and the organization should come up with a new strategy. However, if the risk levels reduce, then the organization should only improve on the available strategies. Bibliography Broad, J.2013. Risk management framework. Amsterdam: Syngress . Davis, A. E., & Jarvis, P. R.2009. Risk management. Chicago: American Bar Association. Hassett, M. J. 2008. Probability for risk management. S.I: Actex. Hopkin, P. 2012. Fundamentals of risk management. Philadelphia: Kogan Page. Information, B. 2010. Approaches to enterprise risk management. London: Bloomsbury Information. Michael Land, T. R. 2013. Security Management. New York: CRC Press. Shelly, G. B., & Rosenblatt, H. J. 2010. Systems analysis and design. Boston, Mass: Thomson Course Technology. Tomczyk, C. A. 2013. Project managers spotlight on planning. San Francisco, Calif: Jossey-Bass. Read More