Íàó÷íàÿ Ïåòåðáóðãñêàÿ Àêàäåìèÿ

Ðåôåðàò: Risk Control

Ðåôåðàò: Risk Control

CHAPTER 8

Risk Control

Learning Objectives

After you have completed this chapter, you should be able to:

1. Distinguish between risk control and risk financing methods.

2. Explain the relationship between risk control and risk assessment.

3. Identify the positive and negative attributes of risk avoidance.

4. Distinguish between loss prevention and loss reduction activities.

5. Understand the benefits and costs of loss prevention and loss reduction.

6. Explain the purpose of the Occupational Safety and Health Administration

(OSHA).

7. Identify examples of governmental involvement in risk control.

INTRODUCTION

Risk control methods seek to alter an organization's exposure to risk. More

specifically, risk control efforts help an organization avoid a risk,

prevent loss, lessen the amount of damage if a loss occurs, or

reduce undesirable effects of risk on an organization. The application of

techniques to achieve these ends may range from simple and low-cost to complex

and costly. Risk control methods are exemplified by security systems to prevent

unauthorized entry or access to data; by sprinklers and other fire control

systems; by training programs to edu­cate employees on techniques to reduce the

likelihood of injury; by the devel­opment and enforcement of codes regulating

construction, with the purpose of decreasing the vulnerability of structures to

forces of nature; and so on.

In concept, risk control is an intermediate point between risk assessment and

risk financing. Risk control efforts are prompted by an awareness and

recognition of an exposure to risk. In turn, risk control efforts determine

the ex­tent to which undesirable effects of the risk are manifested within

the organiza­tion. Ultimately, these undesirable effects translate into

financial results. This sequential description implies that risk control is

linked to risk assessment and to risk financing in important ways. These

linkages become key points in un­derstanding the thought process of a risk

manager.

WHAT IS RISK CONTROL AND WHEN IS IT USED?

Effective risk control reduces an organization's exposure to risk. More

formally, risk control includes techniques, tools, strategies and processes

that seek to avoid, pre­vent, reduce, or otherwise control the frequency

and/or magnitude of loss and other un­desirable effects of risk; risk control

also includes methods that seek to improve under­standing or awareness within

an organization of activities affecting exposure to risk.

The use of risk control methods in an organization can be based on criteria

applying generally to nearly all areas of activity including risk management:

a balancing of benefits against costs. In some instances/ external influences

such as state and federal governments mandate the use of risk control methods

or provide other incentives affecting the use of risk control. Where such

direct in­centives are absent, an even-handed balancing of benefits and costs

of risk con­trol often tends to understate its true benefits. This statement

is based upon three considerations: (1) the cost of risk financing is

commonly greater than the cost of losses, (2) losses typically generate

indirect or hidden costs that may not be revealed until the distant future,

and (3) losses can have effects outside an or­ganization.

Point 1 can be illustrated by considering insurance. The dollars spent for

in­surance include the insurer's charges for overhead, profits, taxes,

commissions, and so on. To the extent that risk control can prevent a loss,

the costs of the loss are saved but so are at least some of the

administrative and transactional costs. Even in situations in which an

organization self-finances losses, the savings de­rived would have to include

administrative costs necessary to self-administer the claims.

Points 2 and 3 are important. Almost invariably, a direct loss will generate

indirect, consequential, and time element losses. Some of the loss costs may

fall on society or on others, as when an organization pollutes the

environment. To the extent that losses are prevented or controlled, these

costs are eliminated and the case for risk control is further strengthened.

THE RELATIONSHIP OF RISK CONTROL TO RISK ASSESSMENT

In Chapter 3 the subject of risk assessment was introduced and discussed.

That discussion explained that risk assessment involves a thorough and

critical analysis of the process through which gains or losses are produced.

The study and analysis of the sequence of events leading to such outcomes is

influential in the development of risk control solutions, since an

understanding of how out­comes occur very often leads to insights into

possible risk control methods. The linkage between risk assessment and risk

control becomes more explicit by considering the "risk chain," a concept

that describes the process leading to loss as a linked chain of events. The

"links" in this chain are:

1. The hazard

2. The environment

3. The interaction

4. The outcome

5. The consequences.

The hazard is the condition that might lead to a loss, for instance, an

improperly maintained piece of heavy machinery. The environment is the

context in which the hazard exists, for instance, the shop floor where the

improperly maintained piece of machinery is located. The interaction is the

process whereby the hazard interacts with the environment, sometimes having

no effect and sometimes re­sulting in loss. For instance, a worker operating

this improperly maintained equipment might suffer injury because a protective

screen is not in place when a drill bit breaks. The outcome link is the

immediate result of the interaction, in this case a serious eye injury.

Finally, the consequences link refers not to the im­mediate outcome (the

injury) but rather the longer-term consequences of the event; a workers'

compensation claim, repair of the equipment, an OSHA penalty, and so on.

The risk chain is discussed here to show the relationship between risk

as­sessment and risk control. As part of risk assessment, a risk manager is

likely to analyze the nature of hazards within the organization, the

environment in which these hazards exist, the potential outcomes when hazards

interact with environment, the immediate outcomes of accidents and the

longer-term conse­quences. While this analysis is occurring, however, the risk

manager is quite likely to be considering possible strategies for managing a

particular risk. For instance, an analysis of the previously described risk

might suggest to the risk manager that machinery maintenance is a major part of

managing the risk, so adopting maintenance protocols for this equipment may

become the center-piece of the risk management plan for this particular area.

Readers interested in the risk chain concept are directed to Merkhofer's

Decision Science and Social Risk Management (Merkhofer, 1987), which

develops a similar idea.

THE RELATIONSHIP OF RISK CONTROL TO RISK FINANCING

Risk financing methods are used by organizations to provide resources for

re­imbursing the cost of loss (insurance, for example). Most organizations

utilize some financing mechanism that transfers the risk to another party or

they retain the risk and absorb the cost of losses internally. Risk control

has a powerful re­lationship with risk financing because the control of risks

can have a significant effect on the frequency and severity of losses that

must be "financed."

The positive effects of effective risk control on an organization's risk

fi­nancing costs are likely to occur irrespective of the particular risk

financing methods used. If losses are retained, the benefit is obvious—losses

do not occur

and loss financing is not needed. Also, for most medium and large

organiza­tions, the pricing of insurance or other financing mechanisms is based

upon the principle that, over time, the organization will pay almost the (if

not the) full cost of its losses. That is, except for the rare

catastrophic loss, most organizations above a certain size ultimately pay for

all the losses they suffer. Therefore, any effort to control a risk will

usually have a positive effect on the cost of financing. While this may seem

obvious, the relationship sometimes escapes the attention of managers. As an

illustration, many managers hold the view that an injured worker collecting

workers' compensation benefits is "no longer the organiza­tion's problem"

because "workers' compensation will take care of the worker." This comment

could be made only if the manager fails to see that her organiza­tion's loss

experience and risk control efforts directly influence the cost of its workers'

compensation insurance.

As with risk control and risk assessment, the actual implementation of risk

control and risk financing activities rarely occurs in a sequential manner.

For ex­ample, an insurer may stipulate that certain risk control activities

occur as a con­dition of the insurance (risk financing) contract. These

activities might include the installation of a sprinkler system in a

warehouse or the adoption of stan­dardized safety procedures.

RISK CONTROL AND SPECULATIVE RISKS

The term "risk control" traditionally has been applied to methods addressing

possible losses rather than gains. However, nothing about the concept of risk

control requires it to be limited to "pure" risks. It is true that risk

control meth­ods are limited by an organization's ability to exert an

influence on the fre­quency and severity dimensions of the risk; for

instance, an organization may have almost no control over the risk of changes

in the price of a widely held common stock. However, this does not preclude

the application of risk control to "speculative" risks. This is especially

the case because the organization fre­quently has control over its exposure

to "uncontrollable" risks. The organiza­tion can avoid the uncontrollable

investment risk mentioned above by not in­vesting in that particular company.

The concept of risk control applies to all risks, whether or not gains are

pos­sible. For a business, profit is the difference between revenues and

costs, both of which are uncertain. Most actions of managers affect both

revenues and costs. The pure/speculative risk dichotomy fails to

unambiguously classify the type of risks addressed by efforts such as quality

control, which can have effects on both future revenues (through enhancement

of perceived value) and future costs (through reduced warranty claims and

reduced injury costs).

Risk control applied to speculative risk is exemplified by a business

enter­ing a joint venture with a foreign-based marketing organization as a

means of gaining entry to a foreign market. On the one hand, the entry into a

foreign market is a deliberate acceptance of a new exposure to risk. On the

other hand, the joint venture agreement provides access to the skills,

knowledge, and con­tacts of the foreign-based organization; it also creates

an incentive for the for­eign organization to work towards the success of the

project. As a consequence,

the use of the joint venture tendsTcTmitigate tne exposure. inc luini ui 110^

^^. trol illustrated by this example can be described as rzsfc selection

or selective expo­sure: the deliberate choice by an organization of

risks for which its knowledge and skills provide a relative advantage in

risk-bearing. A well-designed mission statement for an organization can offer

guidelines for selecting risks that are aligned with the organization's

mission.

Most organizations today would be unfamiliar with this interpretation of risk

control. For one thing, this definition seems to suggest the existence of an

organization "master plan" for risk control. That is unlikely to be the case,

be­cause most organizations continue to rely on specialists to control risk:

market­ing managers control marketing risk, finance managers control

financial risks, risk managers control pure risks, and so on. However, the

fact that organiza­tions do not, generally, coordinate their risk control

activities does not mean there is no value in doing so.

CHAPTER 8

Risk Control

RISK CONTROL TOOLS AND TECHNIQUES

Risk management has been described as an "art," because creativity seems to

play an important role. The illustrations that follow emphasize that view.

The activities that constitute one organization's risk control efforts may be

quite dif­ferent from the efforts of a similar organization in another part

of the world. Or­ganizations vary as to their desire for risk control, and

any particular risk may be managed through a variety of techniques. Indeed, a

comprehensive list of risk control applications would be virtually endless,

limited only by the collec­tive imagination of the risk management community.

Although risk control programs can vary from organization to organization as a

consequence of creativity and innovation, a typology of risk control tools and

methods still exists. Risk control tools and techniques can be categorized as

risk avoidance, loss prevention, loss reduction, information management, and

some types of risk transfers.

Risk Avoidance

One way to control a particular risk is to avoid the property, person, or

activity giving rise to possible loss by either refusing to assume it even

momentarily or by abandoning an exposure to loss assumed earlier. The first of

these avoidance activities is proactive avoidance, while the second is

abandonment.

Government and business risk management practices reveal several exam­ples of

proactive avoidance. A leading chemical firm once planned to conduct a

series of experiments in a rural area containing a single small town. While

preparing for the experiments, the researchers discovered that the venture

might possibly cause extensive property damage to the community. The risk

manager was asked to purchase insurance against this possibility, but only a

few insurers were willing to provide the protection, and the premiums for

in­surance were much greater than the firm was willing to pay. Consequently,

the firm decided against conducting the experiments.

A governmental entity recently was bequeathed a small amusement park.

182

PART THREE

Risk Management Methods and Techniques

The park, which contained a number of antiquated rides for children, was

in­spected by the risk manager who determined that the rides were extremely

haz­ardous. After some negotiation between the government and the estate

execu­tor, the estate sold the rides for scrap and donated the vacant lot to

the government. That government converted the lot to an "open space" park,

which contains several gardens, fountains, and walking paths. In this case,

one might argue that the government did not proactively avoid the source of

the risk (the park), but it did avoid the hazards (the rides). Through such

an example, read­ers can see that avoidance is not always a clear-cut matter.

Indeed, in many cir­cumstances, successful avoidance may be as much a matter

of how the risk is defined as it is a matter of applying a technique.

Avoidance through abandonment is, perhaps, not quite as common as

proac­tive avoidance, but it does occur. A risk manager of a university may

recom­mend against serving alcoholic beverages at university-sponsored

functions be­cause of dram shop liability. A pharmaceutical firm may choose to

discontinue the production of some particular product when reports of serious,

and hereto­fore unknown, side-effects begin to surface. An apartment management

firm may decide to remove a swimming pool from its premises upon learning that

a majority of the renters have small children.

Avoidance is an effective approach to the handling of risk. By avoiding a

risk, the organization knows that it will not experience the potential losses

or the uncertainty that the risk may generate. However, it also loses the

benefits that may have been derived from that risk. Indeed, this very fact

often makes avoid­ance an unacceptable option. A particular activity—the

production of some product, the provision of some service—may provide

economic rewards whose expected value far exceeds potential loss costs at the

margin.

There are other circumstances when avoidance simply is not possible. The more

broadly the risk is defined (say, "property damage"), the more likely this is

to be the case. For instance, the only way for an organization to avoid

prop­erty damage is to sell all its physical assets. Or, for most college

students, the most significant risk they face is likely to be their future

earning potential, a risk that cannot be avoided. More narrowly, governments

(and particularly the courts) may impose legal expectations that cannot be

avoided. An employer cannot avoid the costs of financing the risk of

unemployment because partici­pation in the unemployment insurance program is

mandatory. The Occupa­tional Health and Safety Administration (OSHA) imposes

the risk of fines for employers who fail to meet safety standards. Finally,

such legal concepts as strict liability may impose a potential obligation or

duty upon an organization that cannot be avoided.

The context of the decision to avoid also may make avoidance impossible. A

risk does not exist in a vacuum, and a decision to avoid a risk might

actually create a new risk elsewhere or enhance some existing risk. For

instance, a city council was told that one of two bridges crossing a river in

the city center was in a state of serious disrepair. In response, the council

decided to close the bridge and divert all traffic to the second bridge. The

increased traffic load made failure of the second bridge more likely to

occur, and within a year that second bridge collapsed. Risks that most

organizations encounter often are interrelated

in some way, and the removal of one can adversely affect the risks remaining

in the "risk portfolio."

Finally, a risk may be so fundamental to the organization's reason for being

that avoidance cannot be contemplated. A mining concern may wish to avoid the

risk of tunnel collapse, but true avoidance would mean leaving the mining

business.

183

CHAPTER 8

Risk Control

Loss Prevention and Loss Reduction

Loss prevention and reduction measures attack risk by reducing the num­ber of

losses that occur (i.e., loss frequency is reduced) or by mitigating the

amount of damage when a loss does occur (i.e., loss severity is reduced).

From a public policy perspective, loss prevention and reduction have the

distinct ad­vantage of preventing or reducing losses for both the individual

organization and society while permitting the organization to commence or

continue the ac­tivity creating the risk.

Loss Prevention. Loss prevention programs seek to reduce the number of

losses or to eliminate them entirely. The earlier discussion of the risk chain

is im­portant to recall here, because loss prevention activities seek to

intervene in the first three links in the chain: the hazard, the environment,

and the interaction of hazard and environment. That is, loss prevention

activities are focused on:

1. Altering or modifying the hazard

2. Altering or modifying the environment in which the hazard exists

3. Intervening in the processes whereby hazard and environment interact.

The examples of loss prevention activities below illustrate how these tactics

focus upon each of the first three links in the risk chain.

Loss Prevention Activities That Focus on the Hazard

1. Hazard: Careless housekeeping

Loss Prevention Activity: Training and monitoring programs

2. Hazard: Flooding

Loss Prevention Activity: Dams, water resource management

3. Hazard: Smoking

Loss Prevention Activity: Ban on smoking, confiscation of smoking materi­als

4. Hazard: Pollution

Loss Prevention Activity: Handling protocols for use and disposal of

pol­luting substances

5. Hazard: Icy sidewalks

Loss Prevention Activity: Shoveling, salting, heated walkways

6. Hazard: Radioactive materials

Loss Prevention Activity: Construction of appropriate barriers and contain­ers

7. Hazard: Drunk driving

Loss Prevention Activity: Prohibition, enforcement of ban, prison sentence

184

PART THREE

Risk Management Methods and Techniques

8. Hazard: Lack of information regarding some activity Loss Prevention

Activity: Research

Loss Prevention Activities That Focus on the Environment

1. The Environment: A shop floor that could become slippery from oil spillage

Loss Prevention Activity: Installation of absorbent, non-skid mats

2. The Environment: Interstate highways

Loss Prevention Activity: Barrier construction, lighting, signs, and road

markings

f

3. The Environment: Improperly trained workforce Loss Prevention Activity:

Training .

4. The Environment: Consuming public

Loss Prevention Activity: Adequate product instructions and warnings

5. The Environment: The drug-addicted population

Loss Prevention Activity: Counseling, treatment, detection

6. The Environment: Structures susceptible to fire Loss Prevention Activity:

Fire resistive construction

7. The Environment: Unlighted central city parking facility

Loss Prevention Activity: Lighting, escort, and security service

8. The Environment: Employees driving a fleet of delivery vehicles Loss

Prevention Activity: Driver's education training

Loss Prevention Activities That Focus on Interactions of Hazard and En­vironment

1. The Interaction: A heating process that may overheat surrounding

equip­ment Loss Prevention Activity: A water-cooling system

2. The Interaction: Improper lifting of heavy crates by employees Loss

Prevention Activity: Lumbar support belts

3. The Interaction: Vehicle skidding on a slippery road Loss Prevention

Activity: Antilock brakes

4. The Interaction: Telephone line repairworkers working in Minnesota in

Jan­uary Loss Prevention Activity: Proper clothing, cold-weather work

protocols

5. The Interaction: Consumer use of a hazardous product

Loss Prevention Activity: Safety features, customer assistance

6. The Interaction: A city council deciding on proprietary matters

Loss Prevention Activity: Documentation of decision making, legal counsel review

7. The Interaction: An underground storage tank leaking fuel Loss Prevention

Activity: Double-seal tanks

8. The Interaction: Moving a production facility to an underdeveloped

coun­try Loss Prevention Activity: Host-government relations activities,

research

The purpose of these illustrations is not so much to identify the full scope

of ac­tivities that constitute loss prevention as it is to give the reader a

general sense of the variety of loss prevention activities; these

illustrations also reinforce the

point made earlier that loss prevention activities will likely be quite

specific to the problem or risk confronting the organization.

Loss Reduction

Loss reduction programs are designed to reduce the potential severity of a

loss. A sprinkler system is a classic example of loss reduction; because fire

is required to activate the sprinklers, such a system does not reduce the

probability of loss. Instead, a sprinkler system reduces the amount of damage

if a fire occurs.

Loss reduction activities are post-loss measures. Although such measures may

be planned prior to any loss, their function or purpose is to minimize the

impact of losses that occur. Loss reduction programs are a tacit admission on

the part of the risk manager that some losses will occur, despite an

organization's best efforts. Therefore, steps should be taken to control the

loss and reduce its potential severity.

Earlier, the concept of a risk chain was invoked to illustrate how loss

pre­vention addressed the first three links in the chain. Loss reduction

focuses upon the third link (occasionally) and the fourth and fifth links

(more commonly): the interaction link, the outcome link, and the consequences

link. A loss reduction effort may address the interaction link only insofar

as the measure intervenes to stop a loss in progress. A clean-agent (gaseous)

fire suppression system offers a good illustration: the interaction of hazard

and environment results in the ig­niting of combustible materials. While this

interaction is occurring, the gaseous suppression system responds and reduces

the ultimate impact of the fire.

The fourth and fifth links are addressed after a loss has occurred and the

risk manager must minimize the outcome and the consequences of the loss. For

example, a worker suffers serious burns to his arms and legs. Assuring that

this worker is sent promptly to a burn treatment center with the appropriate

exper­tise is a loss reduction measure.

One widely used loss reduction measure is salvage. Rarely will a loss be

total, and a risk manager may minimize the loss through salvaging the

prop­erty. A car can be sold for scrap, while a damaged but repairable piece of

equip­ment may be sold to a secondary market. Insurance companies employ

salvage extensively to minimize the impact of losses they pay and risk managers

have emulated this loss reduction technique.

A somewhat related loss reduction technique is commonly identified by the term

subrogation. When an insurance company pays a claim to a policyholder, there

may be an opportunity for the insurer to seek reimbursement from a neg­ligent

third party in the claim. After the insurer has paid the claim, the insured's

common law right to collect from the negligent third party becomes

"subro-gated" (that is, it is transferred) to the insurer. If the insurer can

successfully col­lect, its recovery has reduced the impact of the claim on the

insurer. In a risk management setting, an employer who has a self-insured

workers' compensa­tion program may seek reimbursement for benefits paid to an

injured worker by filing a lawsuit against a negligent third party who was

responsible for injuring the worker (e.g., the manufacturer of an industrial

machine that injures the worker).

As a practical matter, subrogation might also be reviewed as a loss reduction

measure that addresses longer-term consequences of a loss. Subrogation is one

type of litigation management tool, litigation management being a set

of strategies or tactics that seek to control or reduce the impact of a legal

action arising out of a loss that has occurred. Among the specific methods

employed are arbitration, mediation, and other alternative dispute resolution

tools; litiga­tion strategy and philosophy; settlement strategies; and public

relations efforts to manage the "court of public opinion."

Loss reduction seeks to reduce the impact of loss either through controlling the

event as it occurs, controlling the immediate outcome of the event, or

con­trolling the longer-term consequences of the event. Catastrophe or

contingency plans are an integrated approach to loss reduction. A

catastrophe plan is an or­ganization-wide effort to identify possible crises or

catastrophes and develop plans for responding to such events. Catastrophe

planning usually involves a fairly lengthy process of research and evaluation

that ultimately yields a con­tingency plan for possible use in the event of a

catastrophe. Among the activi­ties that might become part of a catastrophe plan

are:

1. Cross-training employees

2. Back-up, off-site storage of computerized records

3. Updating of fire suppressant system

4. Securing of credit from lending institutions

5. Training of employees on emergency safety procedures

6. Disaster training/planning with fire department or similar governmental

organizations (Federal Emergency Management Agency—FEMA—for ex­ample)

7. Cold- or hot-site backup computer facility

8. Construction modification, such as installation of firewalls

9. Development of community relations strategy 10. Creation of an Emergency

Response Team or Committee.

As can be seen, catastrophe planning is similar to loss prevention activities

in that specific activities are dictated by details peculiar to the

organization's sit­uation and preferences. Catastrophe plans vary

considerably between organi­zations.

Catastrophe or crisis management is a topic that has become a separate topic of

study in recent years. For example, Laurence Barton's Crisis in

Organi­zations: Managing and. Communicating in the Heat of Chaos (Barton,

1993) presents a thorough introduction to catastrophe management. Barton

details the devel­opment of a crisis management plan, the designation of a

crisis team, and the imposition of a level of crisis-preparedness on an

organization. A technical un­derstanding of catastrophe management is essential

for the risk manager, but there is some danger in decoupling catastrophe

management from the broader subject of risk management. Catastrophe plans are

much less likely to succeed if imposed upon an organization that has no

existing risk management culture in place at the time of a disaster.

A special case of loss reduction, suggested by Dr. George Head (Head, 1986),

is duplication of an existing asset that is not used unless something

hap­pens to the original asset. Spare parts or duplicate machinery illustrate

the con­cept. Duplication often is used in cases in which an indirect loss,

such as loss, of use arises from direct damage to the asset. In such cases,

duplication reduces the amount of damage if a loss occurs by reducing or

eliminating the indirect loss. Duplication often serves in the dual roles of

loss prevention and loss reduction. Duplication reduces the probability of an

indirect loss because the duplicate may be available for use if the original

asset cannot be used. Backing up com­puter files and storing the backup

records off-site is perhaps the most vivid il­lustration of the value of

duplication, since the loss of employee records, ac­counts receivable,

transaction documentation, or other financial information could be a serious

problem for an organization.

Separation offers a final illustration of a loss reduction technique.

Separation is a technique by which an organization attempts to isolate its

exposures to loss from each other instead of allowing them to be vulnerable to

a single event. Fire walls within a structure are an example of separation;

dividing the interior of the structure into a number of compartments separated

by fire-resistant materi­als tends to confine the damage to a single

compartment if a fire occurs. Another example of separation is a rule requiring

employees in a retail establishment to move cash accumulations over a stated

amount from cash registers to a more se­cure location, such as a bank vault. A

third example of separation is a rule re­quiring the storage of vehicles in a

fleet in diverse locations rather than a single place. The motive behind

separation is to reduce any dependency between an organization's exposures to

loss by reducing the likelihood that a single event could affect them all.

The act of separation does not necessarily reduce the chance of loss to a

sin­gle exposure unit, although it tends to reduce the chance of a

catastrophic loss. The effectiveness of separation may depend on the type of

asset and the cause of possible loss. For example, storage of inventory in

several warehouses dis­persed throughout a one-square-mile area may reduce

the likelihood of a cata­strophic fire loss. If the warehouses are located in

a coastal area, however, they still may be vulnerable to catastrophic damage

from hurricanes.

187

CHAPTER 8

Risk Control

Information Management

Chapter 1 explained how the reduction or resolution of uncertainty has

eco­nomic value, and how information can reduce or resolve uncertainty.

Informa­tion emanating from an organization's risk management department can

have important effects in reducing uncertainty in an organization's

stakeholders. To realize the maximum benefit from a loss control program, for

example, the pro­gram's objectives and its favorable effects can be

communicated to stakeholders having an interest in the outcome: employees,

regulators, insurers, and for a government entity, taxpayers. Having an

effective loss control program in place goes only part of the way toward

meeting the organization's objectives if the in­formation describing its

effectiveness never reaches the organization's stake­holders whose interests

are affected.

Communication from an organization's risk management department con­veys

information describing the effectiveness of loss control measures and the

intent of the department's future actions. Loss occurs as a result of natural

forces and the actions of humans, and uncertainty can arise from imperfect

knowledge along either dimension. Lack of information can cause stakeholders

to become

188

PART THREE

Risk Management Methods and Techniques

uncertain about the nature of the organization's actions with respect to

matters affecting their interests. Their uncertainty leads them to charge a

higher price for their goods and services or to demand safeguards or

restrictions having an unfavorable effect on the organization. Credible

information from the risk man­agement department can provide these

stakeholders with the assurance that the organization has not and will not

take actions that are detrimental to their interests.

Another area in which communication can reduce uncertainty involves

in­dividuals' awareness of the loss-causing process; the risk chain, for

example. Knowledge of the process by which hazards evolve into injuries can

reduce un­certainty in affected parties, as the awareness allows better

forecasts of the con­sequences of actions. For example, employees' awareness

of the circumstances leading to possible injury can alert them to situations

requiring preventive ac­tion. One possibility for enhancing this awareness is

a reporting method and system of rewards for employees who make suggestions

leading to safer practices.

Risk Transfer

Risk transfer is a risk control tool that causes some entity other than

the one ex­periencing the loss to bear the burden of the loss. Transfer may be

accomplished in two ways. First, the property or activity responsible for the

risk may be trans­ferred to some other person or group of persons. For example,

an organization that sells one of its buildings transfers the risks associated

with ownership of the building to the new owner. A general contractor who is

concerned about possi­ble increases in the cost of labor and materials needed

for the electrical work on a job to which he or she is already committed can

transfer the risk by hiring a subcontractor (with a fixed price contract) for

this portion of the project. This type of transfer, which is closely related to

avoidance through abandonment, is a risk control measure because it attempts to

eliminate exposure to potential loss that otherwise could strike the

organization. Risk transfer differs from avoid­ance through abandonment because

a transferred risk results in an exposure for some other entity. An abandoned

risk is passed to no one.

Second, the risk, but not the property or activity, may be transferred—usu­ally

by contractual agreement. For example, a lease may shift to the landlord the

tenant's responsibility for negligent damage to the landlord's premises. A

re­tailer may assume responsibility for any damage to products that occurs

after the products leave the manufacturer's premises even if the manufacturer

other­wise would be responsible. A customer may give up the right to sue a

business for bodily injuries and property damage sustained because of defects

in a prod­uct or a service. The contracts that implement such transfers are

called "excul­patory contracts." In a risk control transfer, the transferee

(the party accepting the risk) excuses the transferor (the party transferring

the risk) from liability. The transferor's exposure is eliminated. The above

examples of exculpatory contracts, if upheld by courts, are risk control

transfers. However, a promise by the transferee to reimburse the transferor for

damage is not a risk control trans­fer, as the transferor still faces

the risk. Such a promise is an example of a risk fi­nancing transfer, which is

covered in the next chapter.

Although the distinction between risk control and risk financing transfer may

appear to be semantic, it can have economic consequences when the trans­feree

becomes insolvent or otherwise unable to pay for the damage. Also, a risk

financing transfer may limit the transferee's liability, after which point

the burden of loss again falls on the transferor. For example, leases of

business property often require the tenant to reimburse the landlord for fire

damage to the rented premises even if the tenant is not negligent. Under a

purchasing agreement, a retailer may secure a promise from a manufacturer to

reimburse the retailer for any payments to third parties arising from defects

in the manufacturer's products. As part of a bailment agreement, a laundry

may accept responsibility for damage to customers' property even if the

laundry, except for the agreement, would not be liable. In each of these

instances, the transferor bears the economic burden of damage if the

transferee is unable to pay.

Risk control transfers involve only the transferor and the transferee; risk

fi­nancing transfer, however, may involve others. A transferee cannot excuse

a transferor from any liability the transferor may have to third parties

because the third parties are not part of the agreement; the law does not

allow the rights of third parties to be reduced by this transfer. The

transferee can, however, agree to finance any losses that otherwise may have

been financed by the transferor.

Unless a risk control transfer is declared illegal, it offers complete

protection for the transferor. The burden of the risk falls completely on the

transferee. Under a risk financing transfer, in contrast, if the transferee

fails for any reason to provide the promised funds following a loss, the

transferor bears the loss. A single agreement may result in a risk control

transfer with respect to some po­tential losses and a risk financing transfer

with respect to others. For example, a lease may excuse the tenant from

responsibility for any damage to the premises (risk control) and obligate the

landlord to finance any liability of the tenant to others arising out of

activities on the premises (risk financing).

Nothing in the above discussion implies that a risk control transfer is

cost­less for the transferor. Where a fixed price contract is used to

transfer the risk of possible increases in the cost of labor and materials to

a subcontractor, for ex­ample, the fixed price of the contract reflects the

value of the risks being trans­ferred. Recognizing this point, rational

parties would be expected to transfer a risk only when the transferee

possesses a relative advantage in controlling or otherwise managing and

bearing the risk. Where the transferee is at a relative disadvantage, the

price of the transaction from the transferor's point of view is affected

adversely; the transferee charges too much to accept the responsibility for

managing the risk.

189

CHAPTER 8

Risk Control

RISK CONTROL, GOVERNMENT AND SOCIETY

Reasons other than self-interest motivate organizations to practice risk

control. A number of private and nonprofit organizations promote and

encourage risk control activities. Federal and state governments also promote

and encourage risk control, and in some cases mandate that risk control

activities be under­taken.

190

PART THREE

Risk Management Methods and Techniques

Private and Non-Profit Efforts

A partial listing of private and nonprofit groups active in the area of risk

control suggests the range of activities and services. The National Safety

Council is per­haps the most well-known of these groups. The Council includes

among its members individuals, business firms, schools, government

departments, labor organizations, insurers, and others. It assembles and

disseminates information concerning many types of accidents, cooperates with

public officials in safety campaigns, encourages the establishment of local

safety councils, and helps members solve their own safety problems. Other

examples are the American In­surance Association, an organization of insurers

that publicizes the extent and causes of fire losses, investigates suspected

cases of arson, grades municipalities according to the quality of their

exposures to fire and their protection against fire loss, and suggests codes;

the Underwriters Laboratories, another insurance-sponsored organization that

tests equipment (television sets, electric wiring, safes, etc.) to determine

whether it meets safety standards; the National Fire Protection Association,

which establishes standards and codes, stimulates local loss control

activities, and promotes fire safety, educates the public, and en­courages

its members, including public officials, to adopt its suggestions; the

In­surance Institute for Highway Safety, which provides financial assistance

for other organizations engaged in traffic safety work and also provides

direct as­sistance in selected states; and the National Automobile Theft

Bureau, whose name indicates its concern. Individual insurers also maintain

engineering or loss control departments to study risks faced by their

insureds, and suggest ways in which these risks might be reduced. Insurers

also provide posters, films, pamphlets, and conduct safety classes.

Because unions are concerned with all matters affecting working condi­tions,

they also are active in loss control. Unions tend to strongly support

gov­ernment regulations to improve workplace safety; they belong to the

National Safety Council and similar organizations, and they often demand new

or more intensive loss control from employers.

Governmental Efforts

Government is involved in loss control because (1) the public interest often

re­quires the government to enact legislation requiring all industries to

provide in­formation, meet certain standards, and stop undesirable practices,

and (2) the government can provide certain services, such as those of fire

departments, more economically and efficiently than can scattered private

firms. The govern­ment exercises this responsibility through a variety of

educational efforts (pam­phlets, posters, and conferences) and through

statutes and codes regulating building construction, working conditions,

safety equipment and safety cloth­ing, maximum occupancy in rooms and

elevators, sewage disposal facilities, and the operation of motor vehicles.

This duty is met through inspections de­signed to enforce the statutes and

codes, by police and fire departments, reha­bilitation programs, the

assembling and dissemination of statistical data related to loss prevention

and reduction, and by the conduct and encouragement of re­search activities.

Economists note that certain aspects of some risks lead to a demand for

gov­ernment involvement. Two characteristics that should be mentioned are

exter­nalities and public goods. Externalities are costs or benefits

that are not captured in the ordinary functioning of a market. Pollution is a

commonly cited example of an externality. A manufacturing firm may pollute the

environment/ harming a neighboring community. The cost to the community will

largely, if not com­pletely, escape the pricing of the good produced by the

polluter.

A public good is a good or service that cannot be limited to purchasers of

the good. National defense is often cited as an illustration of a public

good. By its nature, a national defense is available to everyone, whether

they pay for that service or not. This inability to discriminate between

buyers and nonbuyers leads to a phenomenon known as the "free rider." Free

riders are those individ­uals or organizations that enjoy the benefits of a

good or service while avoiding the cost or price of that service.

In both cases, externalities and public goods, the government may be

ex­pected to intervene to direct the costs of goods and services (or risks)

to the ap­propriate parties.

Perhaps the best-known government intervention in the realm of risk

man­agement is the Occupational Safety and Health Administration. In late

1970, Congress passed the Occupational Safety and Health Act (OSHA), an

extremely important piece of safety legislation. OSHA applies to private

employers of one or more persons (the self-employed are exempted) engaged in

a business af­fecting interstate commerce, except for some employers subject

to special fed­eral legislation such as the Federal Coal Mine and Safety Act.

About three-fourths of the civilian labor force is affected. Federal

government employees are covered under a separate federal program. State and

local governments histor­ically have been exempt. States may assume

responsibility for developing and enforcing occupational safety and health

standards under plans approved by the Secretary of Labor. The state standards

must be at least as stringent as the counterpart federal standards. Many

states have developed plans that have been accepted by the federal

government. Indeed, many state plans impose standards that are stricter than

the federal law. For instance, federal law re­quires states that assume

responsibility for occupational safety and health to in­clude governmental

entities as covered organizations under OSHA.

Under the Occupational Safety and Health Act/ the Secretary of Labor

es­tablishes safety and health standards and enforces compliance with these

stan­dards. Voluminous standards have been developed. Many are "consensus"

safety standards previously developed as voluntary guidelines for business by

private associations, such as the American National Standards Institute and the

National Fire Protection Association. Other standards are based on federal

reg­ulations developed earlier for contractors and maritime industries. Still

others are new standards proposed by the Secretary after consultation with an

OSHA Standards Advisory Committee. Proposed new or revised standards must be

published in the Federal Register. Interested parties have 30 days in

which they can comment informally on the proposal. Affected parties also have

60 days after a standard is promulgated to challenge the standard before the

U.S. Court of Appeals. An individual employer may apply for a temporary

variance from a standard in order to have more time to comply. The employees of

such an employer must be aware that the employer has applied for this variance

and be al­lowed to appear at the hearing on the application. Illustrative

standards include:

1. All places of employment, passageways, storerooms, and service rooms shall

be kept clean and orderly and in a sanitary condition.

2. Portable wood ladders longer than 20 feet shall not be supplied to workers

(the standard on portable wood ladders alone fills more than 15 pages).

3. In the absence of an infirmary, clinic, or hospital in near proximity to

the workplace which is used for the treatment of all injured employees, a

per­son or persons shall be adequately trained to render first aid.

To check compliance with these standards, federal inspectors have the right

to enter without notice, but at reasonable times, any covered establishment.

An employee can also request such an inspection by describing in writing what

he or she considers to be a serious violation of some standard. The name of

the complaining employee may not be revealed to the employer. During an

inspec­tion the employer and an employee representative may, upon request,

accom­pany the inspector. As a result of a court decision in the late 1970s,

an employer can require the inspector to obtain a warrant for the search.

If an inspector discovers a violation that is more than de minimus, the

in­spector is directed to issue a written citation decribing the violation

(de minimus means no direct or immediate relationship to job safety and

health, e.g., no toi­let partitions). This citation must be posted near the

location of the violation. Within a reasonable time the employer must remove

the hazard.

If death or serious physical harm could have resulted from the violation, the

citation means a mandatory penalty up to $1,000. Less serious violations may

entail smaller penalties, but the penalties still can range up to $1,000. If

the em­ployer fails to correct the violation within the time stated in the

citation, he or she may be penalized up to $1,000 each day the

violation continues. Penalties of $10,000 per violation may be levied for

willful or repeated violations. If a will­ful violation results in the death of

an employee, the employer is either fined $10,000 or imprisoned up to six

months. These penalties are doubled if such a fatal willful violation is

repeated. An employer can appeal citations before a judge acting on behalf of

the three-member Occupational Safety and Health Commission, which administers

the safety standards portion of the act. Any one of the three commission

members can demand a review of the judge's decision by the entire commission.

Commission orders may in turn be appealed to the U.S. Court of Appeals.

In addition to meeting certain health and safety standards, employers of

eight or more employees must maintain and make available to government

rep­resentatives accurate records of work-related deaths, illnesses, and

injuries that cause the employee to miss work. These employers also must

maintain records of injuries without lost workdays that result in medical

treatment beyond first aid, diagnoses of occupational illness, and injuries

involving loss of conscious­ness, restriction of work or motion, or transfer

to another job.

Under a High-Risk Occupational Disease Notification and Prevention bill, also

known as the "Right to Know" bill, the Department of Health and Human Services

identifies hazardous substances and notifies current and past employees who

have been exposed to these hazardous substances. Private employers

193 are required to pay for medical screening of these employees and either

provide chapter 8 other employment for a worker with an

occupational disease or permit the Risk Control worker to

resign and receive one year's salary. Many employers object to the high costs,

including workers' compensation costs/ that this program imposes.

OSHA requires that employees be notified of their rights under the law. They

must also not be discharged or harassed because they exercise these rights.

In the 1993-1994 session, both houses of Congress began considering sev­eral

major reforms of OSHA. Although it is impossible to describe the outcome of

these deliberations, certain features appear likely to emerge. First,

employers may be required to take further steps to promote workplace safety,

including the development of safety plans and the creation of safety

committees to over­see the execution of safety plans. Reporting procedures

are likely to change as well. The biggest change is likely to occur in the

area of inspection and enforce­ment. Under various proposals,

responsibilities for compliance may shift to the employers. For instance, it

is possible that employers will be required to con­tract with a private

inspection service and submit to an inspection—the report of which would be

submitted to OSHA. Such a reform measure would allow OSHA to reduce its own

inspection activities, while actually increasing the amount of safety

inspecting that would be done.

As a final note, readers should be made aware of the great difficulty risk

managers can face in keeping abreast of government mandates. At any given

moment an organization may be required to understand and comply with dozens

of regulatory mandates pertaining to risk control. Further, new direc­tives

and laws are emerging all the time, so risk managers need to spend a cer­tain

amount of time studying legislative activity. For example, between 1994 and

1998, most governmental risk managers will face over 20 new regulatory

re­quirements (PRIMA, 1993). A partial listing of those requirements

includes:

1. Five compliance provisions arising from the Americans with Disabilities Act.

2. Four new compliance directives from the EPA covering underground stor­age

tanks.

3. Three new requirements promulgated by the EPA for municipal solid waste

landfills.

4. Two new EPA requirements for the control and disposal of sewage sludge.

5. A special OSHA directive for working in confined spaces.

6. A second OSHA requirement covering the reporting of workplace injuries and

illnesses.

7. Two new Department of Labor requirements arising from the Family and

Medical Leave Act.

8. Two IRS directives which apply to pension nondiscrimination rules.

Key Concepts

risk control Those techniques, tools, strategies and processes that seek

to alter the organization's exposure to risk by

avoiding, preventing, reducing, or other­wise controlling the frequency

and/or magnitude of risks and losses or gains.

194

PART THREE

Risk Management Methods and Techniques

subrogation The legal transfer of a right, discussed in this chapter as a

loss reduc­tion tool.

catastrophe management plan An orga­nization-wide loss reduction plan for

controlling the indirect, consequential, and time element losses associated

with a catastrophic event.

information management (as a risk re­duction tool) The use of information

for the express purpose of reducing un­certainty, or for enhancing stakeholder

awareness or knowledge of organiza­tional risks.

the Occupational Safety and Health Ad­ministration (OSHA) A significant

government program that promulgates and enforces workplace safety stan­dards.

risk selection The control technique best described as the conscious

acceptance of risk in accordance with an organiza­tion's overall goals,

objectives, and risk-taking philosophy.

risk financing Those tools and tech­niques used to finance the cost of

risks and losses.

risk avoidance A risk control technique whereby a risk is proactively

avoided or abandoned after rational consideration.

loss prevention Those strategies and ac­tivities intended to reduce or

eliminate the chance of loss.

loss reduction Those activities that min­imize the impact of losses that

do occur.

the risk chain A simple model of acci­dents that interprets those

accidents as consisting of five elements or "links":

the hazard, the environment, the inter­action, the outcome, and the

conse­quences.

Review Questions

1. Distinguish between risk control and risk assessment. How are they related?

2. What is the relationship between risk control and risk financing?

3. Give three examples of how risk avoidance might actually harm an

organization.

4. How is proactive avoidance different from abandonment?

5. Consider some current event in which a loss has occurred, for example.

Hurricane Andrew, the Los Angeles riots, the earthquake in Cairo, Egypt.

Using the risk chain concept, break the event down into:

a. The hazard

b. The environment

c. The interaction

d. The outcome

e. The consequences.

6. With respect to the event you identified in question 5, does this analysis

suggest any possible risk control activities?

7. Classify each of the following as to whether they are loss prevention or

loss reduc­tion activities:

a. Oily rags and paper are cleaned up or disposed of each day.

b. Nonslip treads are placed on each stairway.

c. Brakes on delivery vehicles are inspected each week.

d. Safety meetings are held each month.

e. A take-over target is evaluated for its past risk management activities.

f. Machines are equipped with safety guards.

g. All key employees are required to take an annual physical evaluation.

h. A new product is manufactured during a slack period.

i. Board of director decisions are recorded and documented.

8. Describe briefly the responsibilities imposed on employers by OSHA.

9. Why is separation considered a loss reduction activity?



(C) 2009