Ðåôåðàò: Risk Control
CHAPTER 8
Risk Control
Learning Objectives
After you have completed this chapter, you should be able to:
1. Distinguish between risk control and risk financing methods.
2. Explain the relationship between risk control and risk assessment.
3. Identify the positive and negative attributes of risk avoidance.
4. Distinguish between loss prevention and loss reduction activities.
5. Understand the benefits and costs of loss prevention and loss reduction.
6. Explain the purpose of the Occupational Safety and Health Administration
(OSHA).
7. Identify examples of governmental involvement in risk control.
INTRODUCTION
Risk control methods seek to alter an organization's exposure to risk. More
specifically, risk control efforts help an organization avoid a risk,
prevent loss, lessen the amount of damage if a loss occurs, or
reduce undesirable effects of risk on an organization. The application of
techniques to achieve these ends may range from simple and low-cost to complex
and costly. Risk control methods are exemplified by security systems to prevent
unauthorized entry or access to data; by sprinklers and other fire control
systems; by training programs to educate employees on techniques to reduce the
likelihood of injury; by the development and enforcement of codes regulating
construction, with the purpose of decreasing the vulnerability of structures to
forces of nature; and so on.
In concept, risk control is an intermediate point between risk assessment and
risk financing. Risk control efforts are prompted by an awareness and
recognition of an exposure to risk. In turn, risk control efforts determine
the extent to which undesirable effects of the risk are manifested within
the organization. Ultimately, these undesirable effects translate into
financial results. This sequential description implies that risk control is
linked to risk assessment and to risk financing in important ways. These
linkages become key points in understanding the thought process of a risk
manager.
WHAT IS RISK CONTROL AND WHEN IS IT USED?
Effective risk control reduces an organization's exposure to risk. More
formally, risk control includes techniques, tools, strategies and processes
that seek to avoid, prevent, reduce, or otherwise control the frequency
and/or magnitude of loss and other undesirable effects of risk; risk control
also includes methods that seek to improve understanding or awareness within
an organization of activities affecting exposure to risk.
The use of risk control methods in an organization can be based on criteria
applying generally to nearly all areas of activity including risk management:
a balancing of benefits against costs. In some instances/ external influences
such as state and federal governments mandate the use of risk control methods
or provide other incentives affecting the use of risk control. Where such
direct incentives are absent, an even-handed balancing of benefits and costs
of risk control often tends to understate its true benefits. This statement
is based upon three considerations: (1) the cost of risk financing is
commonly greater than the cost of losses, (2) losses typically generate
indirect or hidden costs that may not be revealed until the distant future,
and (3) losses can have effects outside an organization.
Point 1 can be illustrated by considering insurance. The dollars spent for
insurance include the insurer's charges for overhead, profits, taxes,
commissions, and so on. To the extent that risk control can prevent a loss,
the costs of the loss are saved but so are at least some of the
administrative and transactional costs. Even in situations in which an
organization self-finances losses, the savings derived would have to include
administrative costs necessary to self-administer the claims.
Points 2 and 3 are important. Almost invariably, a direct loss will generate
indirect, consequential, and time element losses. Some of the loss costs may
fall on society or on others, as when an organization pollutes the
environment. To the extent that losses are prevented or controlled, these
costs are eliminated and the case for risk control is further strengthened.
THE RELATIONSHIP OF RISK CONTROL TO RISK ASSESSMENT
In Chapter 3 the subject of risk assessment was introduced and discussed.
That discussion explained that risk assessment involves a thorough and
critical analysis of the process through which gains or losses are produced.
The study and analysis of the sequence of events leading to such outcomes is
influential in the development of risk control solutions, since an
understanding of how outcomes occur very often leads to insights into
possible risk control methods. The linkage between risk assessment and risk
control becomes more explicit by considering the "risk chain," a concept
that describes the process leading to loss as a linked chain of events. The
"links" in this chain are:
1. The hazard
2. The environment
3. The interaction
4. The outcome
5. The consequences.
The hazard is the condition that might lead to a loss, for instance, an
improperly maintained piece of heavy machinery. The environment is the
context in which the hazard exists, for instance, the shop floor where the
improperly maintained piece of machinery is located. The interaction is the
process whereby the hazard interacts with the environment, sometimes having
no effect and sometimes resulting in loss. For instance, a worker operating
this improperly maintained equipment might suffer injury because a protective
screen is not in place when a drill bit breaks. The outcome link is the
immediate result of the interaction, in this case a serious eye injury.
Finally, the consequences link refers not to the immediate outcome (the
injury) but rather the longer-term consequences of the event; a workers'
compensation claim, repair of the equipment, an OSHA penalty, and so on.
The risk chain is discussed here to show the relationship between risk
assessment and risk control. As part of risk assessment, a risk manager is
likely to analyze the nature of hazards within the organization, the
environment in which these hazards exist, the potential outcomes when hazards
interact with environment, the immediate outcomes of accidents and the
longer-term consequences. While this analysis is occurring, however, the risk
manager is quite likely to be considering possible strategies for managing a
particular risk. For instance, an analysis of the previously described risk
might suggest to the risk manager that machinery maintenance is a major part of
managing the risk, so adopting maintenance protocols for this equipment may
become the center-piece of the risk management plan for this particular area.
Readers interested in the risk chain concept are directed to Merkhofer's
Decision Science and Social Risk Management (Merkhofer, 1987), which
develops a similar idea.
THE RELATIONSHIP OF RISK CONTROL TO RISK FINANCING
Risk financing methods are used by organizations to provide resources for
reimbursing the cost of loss (insurance, for example). Most organizations
utilize some financing mechanism that transfers the risk to another party or
they retain the risk and absorb the cost of losses internally. Risk control
has a powerful relationship with risk financing because the control of risks
can have a significant effect on the frequency and severity of losses that
must be "financed."
The positive effects of effective risk control on an organization's risk
financing costs are likely to occur irrespective of the particular risk
financing methods used. If losses are retained, the benefit is obvious—losses
do not occur
and loss financing is not needed. Also, for most medium and large
organizations, the pricing of insurance or other financing mechanisms is based
upon the principle that, over time, the organization will pay almost the (if
not the) full cost of its losses. That is, except for the rare
catastrophic loss, most organizations above a certain size ultimately pay for
all the losses they suffer. Therefore, any effort to control a risk will
usually have a positive effect on the cost of financing. While this may seem
obvious, the relationship sometimes escapes the attention of managers. As an
illustration, many managers hold the view that an injured worker collecting
workers' compensation benefits is "no longer the organization's problem"
because "workers' compensation will take care of the worker." This comment
could be made only if the manager fails to see that her organization's loss
experience and risk control efforts directly influence the cost of its workers'
compensation insurance.
As with risk control and risk assessment, the actual implementation of risk
control and risk financing activities rarely occurs in a sequential manner.
For example, an insurer may stipulate that certain risk control activities
occur as a condition of the insurance (risk financing) contract. These
activities might include the installation of a sprinkler system in a
warehouse or the adoption of standardized safety procedures.
RISK CONTROL AND SPECULATIVE RISKS
The term "risk control" traditionally has been applied to methods addressing
possible losses rather than gains. However, nothing about the concept of risk
control requires it to be limited to "pure" risks. It is true that risk
control methods are limited by an organization's ability to exert an
influence on the frequency and severity dimensions of the risk; for
instance, an organization may have almost no control over the risk of changes
in the price of a widely held common stock. However, this does not preclude
the application of risk control to "speculative" risks. This is especially
the case because the organization frequently has control over its exposure
to "uncontrollable" risks. The organization can avoid the uncontrollable
investment risk mentioned above by not investing in that particular company.
The concept of risk control applies to all risks, whether or not gains are
possible. For a business, profit is the difference between revenues and
costs, both of which are uncertain. Most actions of managers affect both
revenues and costs. The pure/speculative risk dichotomy fails to
unambiguously classify the type of risks addressed by efforts such as quality
control, which can have effects on both future revenues (through enhancement
of perceived value) and future costs (through reduced warranty claims and
reduced injury costs).
Risk control applied to speculative risk is exemplified by a business
entering a joint venture with a foreign-based marketing organization as a
means of gaining entry to a foreign market. On the one hand, the entry into a
foreign market is a deliberate acceptance of a new exposure to risk. On the
other hand, the joint venture agreement provides access to the skills,
knowledge, and contacts of the foreign-based organization; it also creates
an incentive for the foreign organization to work towards the success of the
project. As a consequence,
the use of the joint venture tendsTcTmitigate tne exposure. inc luini ui 110^
^^. trol illustrated by this example can be described as rzsfc selection
or selective exposure: the deliberate choice by an organization of
risks for which its knowledge and skills provide a relative advantage in
risk-bearing. A well-designed mission statement for an organization can offer
guidelines for selecting risks that are aligned with the organization's
mission.
Most organizations today would be unfamiliar with this interpretation of risk
control. For one thing, this definition seems to suggest the existence of an
organization "master plan" for risk control. That is unlikely to be the case,
because most organizations continue to rely on specialists to control risk:
marketing managers control marketing risk, finance managers control
financial risks, risk managers control pure risks, and so on. However, the
fact that organizations do not, generally, coordinate their risk control
activities does not mean there is no value in doing so.
CHAPTER 8
Risk Control
RISK CONTROL TOOLS AND TECHNIQUES
Risk management has been described as an "art," because creativity seems to
play an important role. The illustrations that follow emphasize that view.
The activities that constitute one organization's risk control efforts may be
quite different from the efforts of a similar organization in another part
of the world. Organizations vary as to their desire for risk control, and
any particular risk may be managed through a variety of techniques. Indeed, a
comprehensive list of risk control applications would be virtually endless,
limited only by the collective imagination of the risk management community.
Although risk control programs can vary from organization to organization as a
consequence of creativity and innovation, a typology of risk control tools and
methods still exists. Risk control tools and techniques can be categorized as
risk avoidance, loss prevention, loss reduction, information management, and
some types of risk transfers.
Risk Avoidance
One way to control a particular risk is to avoid the property, person, or
activity giving rise to possible loss by either refusing to assume it even
momentarily or by abandoning an exposure to loss assumed earlier. The first of
these avoidance activities is proactive avoidance, while the second is
abandonment.
Government and business risk management practices reveal several examples of
proactive avoidance. A leading chemical firm once planned to conduct a
series of experiments in a rural area containing a single small town. While
preparing for the experiments, the researchers discovered that the venture
might possibly cause extensive property damage to the community. The risk
manager was asked to purchase insurance against this possibility, but only a
few insurers were willing to provide the protection, and the premiums for
insurance were much greater than the firm was willing to pay. Consequently,
the firm decided against conducting the experiments.
A governmental entity recently was bequeathed a small amusement park.
182
PART THREE
Risk Management Methods and Techniques
The park, which contained a number of antiquated rides for children, was
inspected by the risk manager who determined that the rides were extremely
hazardous. After some negotiation between the government and the estate
executor, the estate sold the rides for scrap and donated the vacant lot to
the government. That government converted the lot to an "open space" park,
which contains several gardens, fountains, and walking paths. In this case,
one might argue that the government did not proactively avoid the source of
the risk (the park), but it did avoid the hazards (the rides). Through such
an example, readers can see that avoidance is not always a clear-cut matter.
Indeed, in many circumstances, successful avoidance may be as much a matter
of how the risk is defined as it is a matter of applying a technique.
Avoidance through abandonment is, perhaps, not quite as common as
proactive avoidance, but it does occur. A risk manager of a university may
recommend against serving alcoholic beverages at university-sponsored
functions because of dram shop liability. A pharmaceutical firm may choose to
discontinue the production of some particular product when reports of serious,
and heretofore unknown, side-effects begin to surface. An apartment management
firm may decide to remove a swimming pool from its premises upon learning that
a majority of the renters have small children.
Avoidance is an effective approach to the handling of risk. By avoiding a
risk, the organization knows that it will not experience the potential losses
or the uncertainty that the risk may generate. However, it also loses the
benefits that may have been derived from that risk. Indeed, this very fact
often makes avoidance an unacceptable option. A particular activity—the
production of some product, the provision of some service—may provide
economic rewards whose expected value far exceeds potential loss costs at the
margin.
There are other circumstances when avoidance simply is not possible. The more
broadly the risk is defined (say, "property damage"), the more likely this is
to be the case. For instance, the only way for an organization to avoid
property damage is to sell all its physical assets. Or, for most college
students, the most significant risk they face is likely to be their future
earning potential, a risk that cannot be avoided. More narrowly, governments
(and particularly the courts) may impose legal expectations that cannot be
avoided. An employer cannot avoid the costs of financing the risk of
unemployment because participation in the unemployment insurance program is
mandatory. The Occupational Health and Safety Administration (OSHA) imposes
the risk of fines for employers who fail to meet safety standards. Finally,
such legal concepts as strict liability may impose a potential obligation or
duty upon an organization that cannot be avoided.
The context of the decision to avoid also may make avoidance impossible. A
risk does not exist in a vacuum, and a decision to avoid a risk might
actually create a new risk elsewhere or enhance some existing risk. For
instance, a city council was told that one of two bridges crossing a river in
the city center was in a state of serious disrepair. In response, the council
decided to close the bridge and divert all traffic to the second bridge. The
increased traffic load made failure of the second bridge more likely to
occur, and within a year that second bridge collapsed. Risks that most
organizations encounter often are interrelated
in some way, and the removal of one can adversely affect the risks remaining
in the "risk portfolio."
Finally, a risk may be so fundamental to the organization's reason for being
that avoidance cannot be contemplated. A mining concern may wish to avoid the
risk of tunnel collapse, but true avoidance would mean leaving the mining
business.
183
CHAPTER 8
Risk Control
Loss Prevention and Loss Reduction
Loss prevention and reduction measures attack risk by reducing the number of
losses that occur (i.e., loss frequency is reduced) or by mitigating the
amount of damage when a loss does occur (i.e., loss severity is reduced).
From a public policy perspective, loss prevention and reduction have the
distinct advantage of preventing or reducing losses for both the individual
organization and society while permitting the organization to commence or
continue the activity creating the risk.
Loss Prevention. Loss prevention programs seek to reduce the number of
losses or to eliminate them entirely. The earlier discussion of the risk chain
is important to recall here, because loss prevention activities seek to
intervene in the first three links in the chain: the hazard, the environment,
and the interaction of hazard and environment. That is, loss prevention
activities are focused on:
1. Altering or modifying the hazard
2. Altering or modifying the environment in which the hazard exists
3. Intervening in the processes whereby hazard and environment interact.
The examples of loss prevention activities below illustrate how these tactics
focus upon each of the first three links in the risk chain.
Loss Prevention Activities That Focus on the Hazard
1. Hazard: Careless housekeeping
Loss Prevention Activity: Training and monitoring programs
2. Hazard: Flooding
Loss Prevention Activity: Dams, water resource management
3. Hazard: Smoking
Loss Prevention Activity: Ban on smoking, confiscation of smoking materials
4. Hazard: Pollution
Loss Prevention Activity: Handling protocols for use and disposal of
polluting substances
5. Hazard: Icy sidewalks
Loss Prevention Activity: Shoveling, salting, heated walkways
6. Hazard: Radioactive materials
Loss Prevention Activity: Construction of appropriate barriers and containers
7. Hazard: Drunk driving
Loss Prevention Activity: Prohibition, enforcement of ban, prison sentence
184
PART THREE
Risk Management Methods and Techniques
8. Hazard: Lack of information regarding some activity Loss Prevention
Activity: Research
Loss Prevention Activities That Focus on the Environment
1. The Environment: A shop floor that could become slippery from oil spillage
Loss Prevention Activity: Installation of absorbent, non-skid mats
2. The Environment: Interstate highways
Loss Prevention Activity: Barrier construction, lighting, signs, and road
markings
f
3. The Environment: Improperly trained workforce Loss Prevention Activity:
Training .
4. The Environment: Consuming public
Loss Prevention Activity: Adequate product instructions and warnings
5. The Environment: The drug-addicted population
Loss Prevention Activity: Counseling, treatment, detection
6. The Environment: Structures susceptible to fire Loss Prevention Activity:
Fire resistive construction
7. The Environment: Unlighted central city parking facility
Loss Prevention Activity: Lighting, escort, and security service
8. The Environment: Employees driving a fleet of delivery vehicles Loss
Prevention Activity: Driver's education training
Loss Prevention Activities That Focus on Interactions of Hazard and Environment
1. The Interaction: A heating process that may overheat surrounding
equipment Loss Prevention Activity: A water-cooling system
2. The Interaction: Improper lifting of heavy crates by employees Loss
Prevention Activity: Lumbar support belts
3. The Interaction: Vehicle skidding on a slippery road Loss Prevention
Activity: Antilock brakes
4. The Interaction: Telephone line repairworkers working in Minnesota in
January Loss Prevention Activity: Proper clothing, cold-weather work
protocols
5. The Interaction: Consumer use of a hazardous product
Loss Prevention Activity: Safety features, customer assistance
6. The Interaction: A city council deciding on proprietary matters
Loss Prevention Activity: Documentation of decision making, legal counsel review
7. The Interaction: An underground storage tank leaking fuel Loss Prevention
Activity: Double-seal tanks
8. The Interaction: Moving a production facility to an underdeveloped
country Loss Prevention Activity: Host-government relations activities,
research
The purpose of these illustrations is not so much to identify the full scope
of activities that constitute loss prevention as it is to give the reader a
general sense of the variety of loss prevention activities; these
illustrations also reinforce the
point made earlier that loss prevention activities will likely be quite
specific to the problem or risk confronting the organization.
Loss Reduction
Loss reduction programs are designed to reduce the potential severity of a
loss. A sprinkler system is a classic example of loss reduction; because fire
is required to activate the sprinklers, such a system does not reduce the
probability of loss. Instead, a sprinkler system reduces the amount of damage
if a fire occurs.
Loss reduction activities are post-loss measures. Although such measures may
be planned prior to any loss, their function or purpose is to minimize the
impact of losses that occur. Loss reduction programs are a tacit admission on
the part of the risk manager that some losses will occur, despite an
organization's best efforts. Therefore, steps should be taken to control the
loss and reduce its potential severity.
Earlier, the concept of a risk chain was invoked to illustrate how loss
prevention addressed the first three links in the chain. Loss reduction
focuses upon the third link (occasionally) and the fourth and fifth links
(more commonly): the interaction link, the outcome link, and the consequences
link. A loss reduction effort may address the interaction link only insofar
as the measure intervenes to stop a loss in progress. A clean-agent (gaseous)
fire suppression system offers a good illustration: the interaction of hazard
and environment results in the igniting of combustible materials. While this
interaction is occurring, the gaseous suppression system responds and reduces
the ultimate impact of the fire.
The fourth and fifth links are addressed after a loss has occurred and the
risk manager must minimize the outcome and the consequences of the loss. For
example, a worker suffers serious burns to his arms and legs. Assuring that
this worker is sent promptly to a burn treatment center with the appropriate
expertise is a loss reduction measure.
One widely used loss reduction measure is salvage. Rarely will a loss be
total, and a risk manager may minimize the loss through salvaging the
property. A car can be sold for scrap, while a damaged but repairable piece of
equipment may be sold to a secondary market. Insurance companies employ
salvage extensively to minimize the impact of losses they pay and risk managers
have emulated this loss reduction technique.
A somewhat related loss reduction technique is commonly identified by the term
subrogation. When an insurance company pays a claim to a policyholder, there
may be an opportunity for the insurer to seek reimbursement from a negligent
third party in the claim. After the insurer has paid the claim, the insured's
common law right to collect from the negligent third party becomes
"subro-gated" (that is, it is transferred) to the insurer. If the insurer can
successfully collect, its recovery has reduced the impact of the claim on the
insurer. In a risk management setting, an employer who has a self-insured
workers' compensation program may seek reimbursement for benefits paid to an
injured worker by filing a lawsuit against a negligent third party who was
responsible for injuring the worker (e.g., the manufacturer of an industrial
machine that injures the worker).
As a practical matter, subrogation might also be reviewed as a loss reduction
measure that addresses longer-term consequences of a loss. Subrogation is one
type of litigation management tool, litigation management being a set
of strategies or tactics that seek to control or reduce the impact of a legal
action arising out of a loss that has occurred. Among the specific methods
employed are arbitration, mediation, and other alternative dispute resolution
tools; litigation strategy and philosophy; settlement strategies; and public
relations efforts to manage the "court of public opinion."
Loss reduction seeks to reduce the impact of loss either through controlling the
event as it occurs, controlling the immediate outcome of the event, or
controlling the longer-term consequences of the event. Catastrophe or
contingency plans are an integrated approach to loss reduction. A
catastrophe plan is an organization-wide effort to identify possible crises or
catastrophes and develop plans for responding to such events. Catastrophe
planning usually involves a fairly lengthy process of research and evaluation
that ultimately yields a contingency plan for possible use in the event of a
catastrophe. Among the activities that might become part of a catastrophe plan
are:
1. Cross-training employees
2. Back-up, off-site storage of computerized records
3. Updating of fire suppressant system
4. Securing of credit from lending institutions
5. Training of employees on emergency safety procedures
6. Disaster training/planning with fire department or similar governmental
organizations (Federal Emergency Management Agency—FEMA—for example)
7. Cold- or hot-site backup computer facility
8. Construction modification, such as installation of firewalls
9. Development of community relations strategy 10. Creation of an Emergency
Response Team or Committee.
As can be seen, catastrophe planning is similar to loss prevention activities
in that specific activities are dictated by details peculiar to the
organization's situation and preferences. Catastrophe plans vary
considerably between organizations.
Catastrophe or crisis management is a topic that has become a separate topic of
study in recent years. For example, Laurence Barton's Crisis in
Organizations: Managing and. Communicating in the Heat of Chaos (Barton,
1993) presents a thorough introduction to catastrophe management. Barton
details the development of a crisis management plan, the designation of a
crisis team, and the imposition of a level of crisis-preparedness on an
organization. A technical understanding of catastrophe management is essential
for the risk manager, but there is some danger in decoupling catastrophe
management from the broader subject of risk management. Catastrophe plans are
much less likely to succeed if imposed upon an organization that has no
existing risk management culture in place at the time of a disaster.
A special case of loss reduction, suggested by Dr. George Head (Head, 1986),
is duplication of an existing asset that is not used unless something
happens to the original asset. Spare parts or duplicate machinery illustrate
the concept. Duplication often is used in cases in which an indirect loss,
such as loss, of use arises from direct damage to the asset. In such cases,
duplication reduces the amount of damage if a loss occurs by reducing or
eliminating the indirect loss. Duplication often serves in the dual roles of
loss prevention and loss reduction. Duplication reduces the probability of an
indirect loss because the duplicate may be available for use if the original
asset cannot be used. Backing up computer files and storing the backup
records off-site is perhaps the most vivid illustration of the value of
duplication, since the loss of employee records, accounts receivable,
transaction documentation, or other financial information could be a serious
problem for an organization.
Separation offers a final illustration of a loss reduction technique.
Separation is a technique by which an organization attempts to isolate its
exposures to loss from each other instead of allowing them to be vulnerable to
a single event. Fire walls within a structure are an example of separation;
dividing the interior of the structure into a number of compartments separated
by fire-resistant materials tends to confine the damage to a single
compartment if a fire occurs. Another example of separation is a rule requiring
employees in a retail establishment to move cash accumulations over a stated
amount from cash registers to a more secure location, such as a bank vault. A
third example of separation is a rule requiring the storage of vehicles in a
fleet in diverse locations rather than a single place. The motive behind
separation is to reduce any dependency between an organization's exposures to
loss by reducing the likelihood that a single event could affect them all.
The act of separation does not necessarily reduce the chance of loss to a
single exposure unit, although it tends to reduce the chance of a
catastrophic loss. The effectiveness of separation may depend on the type of
asset and the cause of possible loss. For example, storage of inventory in
several warehouses dispersed throughout a one-square-mile area may reduce
the likelihood of a catastrophic fire loss. If the warehouses are located in
a coastal area, however, they still may be vulnerable to catastrophic damage
from hurricanes.
187
CHAPTER 8
Risk Control
Information Management
Chapter 1 explained how the reduction or resolution of uncertainty has
economic value, and how information can reduce or resolve uncertainty.
Information emanating from an organization's risk management department can
have important effects in reducing uncertainty in an organization's
stakeholders. To realize the maximum benefit from a loss control program, for
example, the program's objectives and its favorable effects can be
communicated to stakeholders having an interest in the outcome: employees,
regulators, insurers, and for a government entity, taxpayers. Having an
effective loss control program in place goes only part of the way toward
meeting the organization's objectives if the information describing its
effectiveness never reaches the organization's stakeholders whose interests
are affected.
Communication from an organization's risk management department conveys
information describing the effectiveness of loss control measures and the
intent of the department's future actions. Loss occurs as a result of natural
forces and the actions of humans, and uncertainty can arise from imperfect
knowledge along either dimension. Lack of information can cause stakeholders
to become
188
PART THREE
Risk Management Methods and Techniques
uncertain about the nature of the organization's actions with respect to
matters affecting their interests. Their uncertainty leads them to charge a
higher price for their goods and services or to demand safeguards or
restrictions having an unfavorable effect on the organization. Credible
information from the risk management department can provide these
stakeholders with the assurance that the organization has not and will not
take actions that are detrimental to their interests.
Another area in which communication can reduce uncertainty involves
individuals' awareness of the loss-causing process; the risk chain, for
example. Knowledge of the process by which hazards evolve into injuries can
reduce uncertainty in affected parties, as the awareness allows better
forecasts of the consequences of actions. For example, employees' awareness
of the circumstances leading to possible injury can alert them to situations
requiring preventive action. One possibility for enhancing this awareness is
a reporting method and system of rewards for employees who make suggestions
leading to safer practices.
Risk Transfer
Risk transfer is a risk control tool that causes some entity other than
the one experiencing the loss to bear the burden of the loss. Transfer may be
accomplished in two ways. First, the property or activity responsible for the
risk may be transferred to some other person or group of persons. For example,
an organization that sells one of its buildings transfers the risks associated
with ownership of the building to the new owner. A general contractor who is
concerned about possible increases in the cost of labor and materials needed
for the electrical work on a job to which he or she is already committed can
transfer the risk by hiring a subcontractor (with a fixed price contract) for
this portion of the project. This type of transfer, which is closely related to
avoidance through abandonment, is a risk control measure because it attempts to
eliminate exposure to potential loss that otherwise could strike the
organization. Risk transfer differs from avoidance through abandonment because
a transferred risk results in an exposure for some other entity. An abandoned
risk is passed to no one.
Second, the risk, but not the property or activity, may be transferred—usually
by contractual agreement. For example, a lease may shift to the landlord the
tenant's responsibility for negligent damage to the landlord's premises. A
retailer may assume responsibility for any damage to products that occurs
after the products leave the manufacturer's premises even if the manufacturer
otherwise would be responsible. A customer may give up the right to sue a
business for bodily injuries and property damage sustained because of defects
in a product or a service. The contracts that implement such transfers are
called "exculpatory contracts." In a risk control transfer, the transferee
(the party accepting the risk) excuses the transferor (the party transferring
the risk) from liability. The transferor's exposure is eliminated. The above
examples of exculpatory contracts, if upheld by courts, are risk control
transfers. However, a promise by the transferee to reimburse the transferor for
damage is not a risk control transfer, as the transferor still faces
the risk. Such a promise is an example of a risk financing transfer, which is
covered in the next chapter.
Although the distinction between risk control and risk financing transfer may
appear to be semantic, it can have economic consequences when the transferee
becomes insolvent or otherwise unable to pay for the damage. Also, a risk
financing transfer may limit the transferee's liability, after which point
the burden of loss again falls on the transferor. For example, leases of
business property often require the tenant to reimburse the landlord for fire
damage to the rented premises even if the tenant is not negligent. Under a
purchasing agreement, a retailer may secure a promise from a manufacturer to
reimburse the retailer for any payments to third parties arising from defects
in the manufacturer's products. As part of a bailment agreement, a laundry
may accept responsibility for damage to customers' property even if the
laundry, except for the agreement, would not be liable. In each of these
instances, the transferor bears the economic burden of damage if the
transferee is unable to pay.
Risk control transfers involve only the transferor and the transferee; risk
financing transfer, however, may involve others. A transferee cannot excuse
a transferor from any liability the transferor may have to third parties
because the third parties are not part of the agreement; the law does not
allow the rights of third parties to be reduced by this transfer. The
transferee can, however, agree to finance any losses that otherwise may have
been financed by the transferor.
Unless a risk control transfer is declared illegal, it offers complete
protection for the transferor. The burden of the risk falls completely on the
transferee. Under a risk financing transfer, in contrast, if the transferee
fails for any reason to provide the promised funds following a loss, the
transferor bears the loss. A single agreement may result in a risk control
transfer with respect to some potential losses and a risk financing transfer
with respect to others. For example, a lease may excuse the tenant from
responsibility for any damage to the premises (risk control) and obligate the
landlord to finance any liability of the tenant to others arising out of
activities on the premises (risk financing).
Nothing in the above discussion implies that a risk control transfer is
costless for the transferor. Where a fixed price contract is used to
transfer the risk of possible increases in the cost of labor and materials to
a subcontractor, for example, the fixed price of the contract reflects the
value of the risks being transferred. Recognizing this point, rational
parties would be expected to transfer a risk only when the transferee
possesses a relative advantage in controlling or otherwise managing and
bearing the risk. Where the transferee is at a relative disadvantage, the
price of the transaction from the transferor's point of view is affected
adversely; the transferee charges too much to accept the responsibility for
managing the risk.
189
CHAPTER 8
Risk Control
RISK CONTROL, GOVERNMENT AND SOCIETY
Reasons other than self-interest motivate organizations to practice risk
control. A number of private and nonprofit organizations promote and
encourage risk control activities. Federal and state governments also promote
and encourage risk control, and in some cases mandate that risk control
activities be undertaken.
190
PART THREE
Risk Management Methods and Techniques
Private and Non-Profit Efforts
A partial listing of private and nonprofit groups active in the area of risk
control suggests the range of activities and services. The National Safety
Council is perhaps the most well-known of these groups. The Council includes
among its members individuals, business firms, schools, government
departments, labor organizations, insurers, and others. It assembles and
disseminates information concerning many types of accidents, cooperates with
public officials in safety campaigns, encourages the establishment of local
safety councils, and helps members solve their own safety problems. Other
examples are the American Insurance Association, an organization of insurers
that publicizes the extent and causes of fire losses, investigates suspected
cases of arson, grades municipalities according to the quality of their
exposures to fire and their protection against fire loss, and suggests codes;
the Underwriters Laboratories, another insurance-sponsored organization that
tests equipment (television sets, electric wiring, safes, etc.) to determine
whether it meets safety standards; the National Fire Protection Association,
which establishes standards and codes, stimulates local loss control
activities, and promotes fire safety, educates the public, and encourages
its members, including public officials, to adopt its suggestions; the
Insurance Institute for Highway Safety, which provides financial assistance
for other organizations engaged in traffic safety work and also provides
direct assistance in selected states; and the National Automobile Theft
Bureau, whose name indicates its concern. Individual insurers also maintain
engineering or loss control departments to study risks faced by their
insureds, and suggest ways in which these risks might be reduced. Insurers
also provide posters, films, pamphlets, and conduct safety classes.
Because unions are concerned with all matters affecting working conditions,
they also are active in loss control. Unions tend to strongly support
government regulations to improve workplace safety; they belong to the
National Safety Council and similar organizations, and they often demand new
or more intensive loss control from employers.
Governmental Efforts
Government is involved in loss control because (1) the public interest often
requires the government to enact legislation requiring all industries to
provide information, meet certain standards, and stop undesirable practices,
and (2) the government can provide certain services, such as those of fire
departments, more economically and efficiently than can scattered private
firms. The government exercises this responsibility through a variety of
educational efforts (pamphlets, posters, and conferences) and through
statutes and codes regulating building construction, working conditions,
safety equipment and safety clothing, maximum occupancy in rooms and
elevators, sewage disposal facilities, and the operation of motor vehicles.
This duty is met through inspections designed to enforce the statutes and
codes, by police and fire departments, rehabilitation programs, the
assembling and dissemination of statistical data related to loss prevention
and reduction, and by the conduct and encouragement of research activities.
Economists note that certain aspects of some risks lead to a demand for
government involvement. Two characteristics that should be mentioned are
externalities and public goods. Externalities are costs or benefits
that are not captured in the ordinary functioning of a market. Pollution is a
commonly cited example of an externality. A manufacturing firm may pollute the
environment/ harming a neighboring community. The cost to the community will
largely, if not completely, escape the pricing of the good produced by the
polluter.
A public good is a good or service that cannot be limited to purchasers of
the good. National defense is often cited as an illustration of a public
good. By its nature, a national defense is available to everyone, whether
they pay for that service or not. This inability to discriminate between
buyers and nonbuyers leads to a phenomenon known as the "free rider." Free
riders are those individuals or organizations that enjoy the benefits of a
good or service while avoiding the cost or price of that service.
In both cases, externalities and public goods, the government may be
expected to intervene to direct the costs of goods and services (or risks)
to the appropriate parties.
Perhaps the best-known government intervention in the realm of risk
management is the Occupational Safety and Health Administration. In late
1970, Congress passed the Occupational Safety and Health Act (OSHA), an
extremely important piece of safety legislation. OSHA applies to private
employers of one or more persons (the self-employed are exempted) engaged in
a business affecting interstate commerce, except for some employers subject
to special federal legislation such as the Federal Coal Mine and Safety Act.
About three-fourths of the civilian labor force is affected. Federal
government employees are covered under a separate federal program. State and
local governments historically have been exempt. States may assume
responsibility for developing and enforcing occupational safety and health
standards under plans approved by the Secretary of Labor. The state standards
must be at least as stringent as the counterpart federal standards. Many
states have developed plans that have been accepted by the federal
government. Indeed, many state plans impose standards that are stricter than
the federal law. For instance, federal law requires states that assume
responsibility for occupational safety and health to include governmental
entities as covered organizations under OSHA.
Under the Occupational Safety and Health Act/ the Secretary of Labor
establishes safety and health standards and enforces compliance with these
standards. Voluminous standards have been developed. Many are "consensus"
safety standards previously developed as voluntary guidelines for business by
private associations, such as the American National Standards Institute and the
National Fire Protection Association. Other standards are based on federal
regulations developed earlier for contractors and maritime industries. Still
others are new standards proposed by the Secretary after consultation with an
OSHA Standards Advisory Committee. Proposed new or revised standards must be
published in the Federal Register. Interested parties have 30 days in
which they can comment informally on the proposal. Affected parties also have
60 days after a standard is promulgated to challenge the standard before the
U.S. Court of Appeals. An individual employer may apply for a temporary
variance from a standard in order to have more time to comply. The employees of
such an employer must be aware that the employer has applied for this variance
and be allowed to appear at the hearing on the application. Illustrative
standards include:
1. All places of employment, passageways, storerooms, and service rooms shall
be kept clean and orderly and in a sanitary condition.
2. Portable wood ladders longer than 20 feet shall not be supplied to workers
(the standard on portable wood ladders alone fills more than 15 pages).
3. In the absence of an infirmary, clinic, or hospital in near proximity to
the workplace which is used for the treatment of all injured employees, a
person or persons shall be adequately trained to render first aid.
To check compliance with these standards, federal inspectors have the right
to enter without notice, but at reasonable times, any covered establishment.
An employee can also request such an inspection by describing in writing what
he or she considers to be a serious violation of some standard. The name of
the complaining employee may not be revealed to the employer. During an
inspection the employer and an employee representative may, upon request,
accompany the inspector. As a result of a court decision in the late 1970s,
an employer can require the inspector to obtain a warrant for the search.
If an inspector discovers a violation that is more than de minimus, the
inspector is directed to issue a written citation decribing the violation
(de minimus means no direct or immediate relationship to job safety and
health, e.g., no toilet partitions). This citation must be posted near the
location of the violation. Within a reasonable time the employer must remove
the hazard.
If death or serious physical harm could have resulted from the violation, the
citation means a mandatory penalty up to $1,000. Less serious violations may
entail smaller penalties, but the penalties still can range up to $1,000. If
the employer fails to correct the violation within the time stated in the
citation, he or she may be penalized up to $1,000 each day the
violation continues. Penalties of $10,000 per violation may be levied for
willful or repeated violations. If a willful violation results in the death of
an employee, the employer is either fined $10,000 or imprisoned up to six
months. These penalties are doubled if such a fatal willful violation is
repeated. An employer can appeal citations before a judge acting on behalf of
the three-member Occupational Safety and Health Commission, which administers
the safety standards portion of the act. Any one of the three commission
members can demand a review of the judge's decision by the entire commission.
Commission orders may in turn be appealed to the U.S. Court of Appeals.
In addition to meeting certain health and safety standards, employers of
eight or more employees must maintain and make available to government
representatives accurate records of work-related deaths, illnesses, and
injuries that cause the employee to miss work. These employers also must
maintain records of injuries without lost workdays that result in medical
treatment beyond first aid, diagnoses of occupational illness, and injuries
involving loss of consciousness, restriction of work or motion, or transfer
to another job.
Under a High-Risk Occupational Disease Notification and Prevention bill, also
known as the "Right to Know" bill, the Department of Health and Human Services
identifies hazardous substances and notifies current and past employees who
have been exposed to these hazardous substances. Private employers
193 are required to pay for medical screening of these employees and either
provide chapter 8 other employment for a worker with an
occupational disease or permit the Risk Control worker to
resign and receive one year's salary. Many employers object to the high costs,
including workers' compensation costs/ that this program imposes.
OSHA requires that employees be notified of their rights under the law. They
must also not be discharged or harassed because they exercise these rights.
In the 1993-1994 session, both houses of Congress began considering several
major reforms of OSHA. Although it is impossible to describe the outcome of
these deliberations, certain features appear likely to emerge. First,
employers may be required to take further steps to promote workplace safety,
including the development of safety plans and the creation of safety
committees to oversee the execution of safety plans. Reporting procedures
are likely to change as well. The biggest change is likely to occur in the
area of inspection and enforcement. Under various proposals,
responsibilities for compliance may shift to the employers. For instance, it
is possible that employers will be required to contract with a private
inspection service and submit to an inspection—the report of which would be
submitted to OSHA. Such a reform measure would allow OSHA to reduce its own
inspection activities, while actually increasing the amount of safety
inspecting that would be done.
As a final note, readers should be made aware of the great difficulty risk
managers can face in keeping abreast of government mandates. At any given
moment an organization may be required to understand and comply with dozens
of regulatory mandates pertaining to risk control. Further, new directives
and laws are emerging all the time, so risk managers need to spend a certain
amount of time studying legislative activity. For example, between 1994 and
1998, most governmental risk managers will face over 20 new regulatory
requirements (PRIMA, 1993). A partial listing of those requirements
includes:
1. Five compliance provisions arising from the Americans with Disabilities Act.
2. Four new compliance directives from the EPA covering underground storage
tanks.
3. Three new requirements promulgated by the EPA for municipal solid waste
landfills.
4. Two new EPA requirements for the control and disposal of sewage sludge.
5. A special OSHA directive for working in confined spaces.
6. A second OSHA requirement covering the reporting of workplace injuries and
illnesses.
7. Two new Department of Labor requirements arising from the Family and
Medical Leave Act.
8. Two IRS directives which apply to pension nondiscrimination rules.
Key Concepts
risk control Those techniques, tools, strategies and processes that seek
to alter the organization's exposure to risk by
avoiding, preventing, reducing, or otherwise controlling the frequency
and/or magnitude of risks and losses or gains.
194
PART THREE
Risk Management Methods and Techniques
subrogation The legal transfer of a right, discussed in this chapter as a
loss reduction tool.
catastrophe management plan An organization-wide loss reduction plan for
controlling the indirect, consequential, and time element losses associated
with a catastrophic event.
information management (as a risk reduction tool) The use of information
for the express purpose of reducing uncertainty, or for enhancing stakeholder
awareness or knowledge of organizational risks.
the Occupational Safety and Health Administration (OSHA) A significant
government program that promulgates and enforces workplace safety standards.
risk selection The control technique best described as the conscious
acceptance of risk in accordance with an organization's overall goals,
objectives, and risk-taking philosophy.
risk financing Those tools and techniques used to finance the cost of
risks and losses.
risk avoidance A risk control technique whereby a risk is proactively
avoided or abandoned after rational consideration.
loss prevention Those strategies and activities intended to reduce or
eliminate the chance of loss.
loss reduction Those activities that minimize the impact of losses that
do occur.
the risk chain A simple model of accidents that interprets those
accidents as consisting of five elements or "links":
the hazard, the environment, the interaction, the outcome, and the
consequences.
Review Questions
1. Distinguish between risk control and risk assessment. How are they related?
2. What is the relationship between risk control and risk financing?
3. Give three examples of how risk avoidance might actually harm an
organization.
4. How is proactive avoidance different from abandonment?
5. Consider some current event in which a loss has occurred, for example.
Hurricane Andrew, the Los Angeles riots, the earthquake in Cairo, Egypt.
Using the risk chain concept, break the event down into:
a. The hazard
b. The environment
c. The interaction
d. The outcome
e. The consequences.
6. With respect to the event you identified in question 5, does this analysis
suggest any possible risk control activities?
7. Classify each of the following as to whether they are loss prevention or
loss reduction activities:
a. Oily rags and paper are cleaned up or disposed of each day.
b. Nonslip treads are placed on each stairway.
c. Brakes on delivery vehicles are inspected each week.
d. Safety meetings are held each month.
e. A take-over target is evaluated for its past risk management activities.
f. Machines are equipped with safety guards.
g. All key employees are required to take an annual physical evaluation.
h. A new product is manufactured during a slack period.
i. Board of director decisions are recorded and documented.
8. Describe briefly the responsibilities imposed on employers by OSHA.
9. Why is separation considered a loss reduction activity? |