Printer Friendly

Risk management: how to protect your assets and limit loss.

RISK Management: How to Protect Your Assets and Limit Loss

Protecting investments is a concern for every business. Whether assets are physical (inventory, property, plant, equipment), people or financial, management should anticipate the risk of loss. The challenge for each business is to manage the risk of any major loss in the optimum manner for the company. An internal or external auditor examining a business's internal control system needs not only to judge the reliability of an entity's accounting information, but also has a responsibility to judge administrative controls.

Many staff level and higher professional level accountants and managers are not able to identify the risks which are possible for a business. Risk manager is an internal job description given an individual who oversees the organization's risk. A major loss could place an organization into a "going concern" position.

The purpose of this article is to provide an overview of risk management and its functions.

Risk Management

Risk management started with buying insurance for the business. "Historically, risk management has consisted of obtaining enough insurance coverage to properly insure the plant, property and other items for which there was a risk of loss, in addition to implementing an employee safety program. The management of risk, however, largely involved financing the risk rather than avoiding losses or managing them."(1) In recent years, risk management has evolved into a distinct profession involved in assessing the ways to limit the effects due to risk of loss. Risk management has been defined as "the process of planning, organizing, directing and controlling the resources and activities of an organization so that the possibility of loss or injury is reduced to the lowest possible level at the lowest cost."(2)

Risk Manager's Functions

To accomplish the objective of reducing losses and keeping their cost low, the risk manager performs five functions. These are:

1. Identify and evaluate the sources

of significant risk of loss; 2. Eliminate or reduce such risk

wherever practical; 3. Transfer some or all of the risk to

another party -- often an

insurance company; 4. Assume the remaining risk

within established guidelines; 5. Monitor results.(3)

In executing the above tasks, the risk manager's judgment is involved in reaching a decision on how to best manage the risks. Risk by definition is an event that may or may not occur. There is no certainty whether an event will take place that would result in a loss. The risk manager uses experience to decide the best manner to handle a given risk. For an established company, the risk manager draws from the company's history and professional background to anticipate what might happen in the future. A risk manager can apply techniques such as probability, statistics and decision trees to determine the likelihood of a risk of loss occurring in the future.(4) For a new company, the risk manager must envision events that might occur for that company.

Identify Risk

The first task of a risk manager is to identify, analyze and assess possible risk. This process includes exposure to property damage loss, human loss and financial loss (caused by situations such as business interruption or liability suits) to which the business could be subjected. Risk varies from company to company and from industry to industry. For example, a pharmaceutical company will be subject to product liabilities that service companies will not have to consider.

The following activities can help identify risk:

* Physically inspect major

properties. * Interview key staff and

operating executives. * Study company financial reports,

10-K statements and other

significant operating and financial

material. * Review major requests for funds

from operating units. * Review contracts, leases, and

similar documents. * Review reports of insured and

self-insured losses. * Review minutes of board

meetings and management

committee meetings. * Establish dollar amounts for

direct and indirect loss potentials.(5) * Completion of an appropriate

internal control questionnaire. * Read existing insurance policies.

Physical Inspection Of Major Properties

The physical inspection of major properties allows the manager to visualize the information presented in reports and financial statements. It also allows the opportunity to investigate whether that information is accurate and/or complete. During the inspection, the risk manager can check physical hazards, protection of assets and security. For example, how are flammable inventories stored? Where are the inventories located? How available are additional inventories if needed? An outside expert such as the company's insurance agent could be used for additional advice.

Interview Key Staff

The risk manager can benefit by interviewing key staff, operating executives and other employees. The people involved in the operations of the company have a good idea of potential hazards which exist in their area and the likelihood of occurrence. They know the assets of the company under their control and types of losses which could occur to these assets.

Study Financial Reports

By studying the company's financial reports, the manager can make a better determination of risk to the company. It gives the manager another check that no property was overlooked in the physical inspection process. The balance sheet and the income statement can be sources of information for the manager. Is the company financially solvent? What is the current ratio?(6)

The income statement will be the starting point in finding answers to questions to aid the manager in the process of risk identification. By digging deeper into accounting records, more useful information may be found. For example, are sales dependent on a few customers? Is there a great percentage of foreign sales which could be interrupted due to political situations? If rental income is shown, have potential losses to that rental property been examined? If rental expense is shown, has the lease been examined?(7)

Review Major Requests For Funds

Departments of the company may have requested funds for major purchases or projects. By reviewing such requests, the manager will be able to better forecast the insurance coverage or other risk management strategies necessary. The manager will want to know about new asset purchases and its use.

Review Contracts, Leases And Similar Documents

Documents such as contracts and leases should be studied to detect the existence of agreements in the document which could give the company additional liabilities or risk. An example is "hold harmless" clauses.

Review Reports Of All Insured And Self-Insured Losses

The review of reports of insured and self-insured losses provides the manager with information about areas of the company which experience loss as well as the frequency and severity of losses. This type of information alerts the manager to those areas which may require more attention to find ways to reduce, transfer, eliminate or retain the risk.

Establishing Dollar Amounts For Direct And Indirect Loss

After the risk of loss has been identified, the manager should place dollar amounts on losses. In arriving at the amount, the manager should consider what the total loss would be if the event were to occur. This would include physical loss as well as loss of income due to business interruption or any other additional expenses that would occur.

Review Minutes Of Board Meetings and Management Committee Meetings

Reading the minutes of meetings is another method available to the manager to identify the type of risk the company could experience in the future. By knowing about the plans the Board of Directors has for major purchases, expansion or changes in operations, the manager will be in a better position to predict the future risk management needs of the business.

Completion of an Appropriate Risk Coverage Internal Control Questionnaire

An internal control questionnaire should be developed for each department of the company involved with the management of company assets. The questionnaire should address these seven internal control objectives:

1. Are all transactions valid? Did

the transaction really occur or is

it fictitious? 2. Have all transactions received

proper authorization? 3. Are the records of all

transactions complete? Have they all

been recorded? 4. Are all transactions properly

valued? Have the proper amounts

been recorded? 5. Are the transactions properly

classified? Are items recorded in

the correct place? 6. Have the transactions been

recorded at the proper time? Is

anything reported too late or too

early? 7. Are transactions correctly posted

to subsidiary ledgers and

correctly summarized in financial


Good internal controls will reduce the risk of loss due to theft or employee defalcation. Questions should especially address concerns regarding proper cash management.

Eliminate or Avoid Risk

After measurable loss is assessed, the next step is to try to eliminate avoidable loss. Management needs to measure the benefits of their decisions against the cost of eliminating risk. For example, a company trying to decide whether to build in an area known to experience earthquakes or floods needs to weigh the benefits of locating in that area against the risk of damage, or complete loss. Sometimes companies determine that some products are not worth manufacturing solely because of the liability risks involved. For example, a manufacturer may decide against producing a chemical product which poses too great a threat to humans or the environment.

Reduce Risk

The methods used to reduce risk will depend on each company's unique situation. This is where the risk manager must use creative abilities to reduce the chance of occurrence and costs of an identified risk. For example, a sprinkler system could be installed to reduce the spread of fire. This differs from risk avoidance where the risk is totally eliminated. In the case of a sprinkler system installation, the sprinkler system will help reduce the damage caused by a fire, but it will not avoid the possibility of a fire occurring. A management action is taken to reduce the severity of a specific risk.

Another example of risk reduction is a company-wide safety awareness program. Training employees in proper safety procedures reduces injuries to employees which in turn reduces workers' compensation insurance costs. This involves such actions as proper use of equipment, keeping areas free of debris and precautionary handling of hazardous materials.

Some companies provide health and physical fitness for their workers as a way of reducing employee stress, illness and injury. This involves offering exercise classes and health facilities for employees. Companies have found that such programs may reduce employee absences and health care costs.

A fourth example of risk reduction involves the appropriate safeguarding of assets. Security against theft of company assets and strong financial internal controls are obvious ways to reduce risk. Examples of specific activities to reduce the risk of losses involving employee defalcation include hiring competent employees, controlling the access to the assets of the business, segregating the duties of employees to create checks on each other and periodic comparison of assets to the records.

Risk reduction plans have to be customized for each company. The risk manager must analyze each identified risk to determine what can be done to reduce the chance of experiencing a loss. Since it is impossible to eliminate all risks, the remaining risks must be dealt with in some other manner.

Transfer of Risk

A third risk manager function is to study the transfer of risk to someone outside the company. Usually this means transferring to or sharing a specific risk with an insurance company. This is the first method of risk transfer that is thought of when risk management is mentioned.

Other methods of transferring risk are by the use of "...suretyship, hedging (use of commodity markets and puts and calls), guarantees and warranties, type of business ownership, and hold harmless agreements."(8)

Under a hold harmless agreement, one party to a contract assumes the specified liability of the other party. For example, the owner of a building can be held harmless for liability in a lease agreement. A hold harmless clause that may benefit one party may be costly for the other party. Therefore, contracts, leases and other similar documents should be entered into with an awareness of risk management.

Retain Risk

A fourth task of risk management is for the company to have a financial mechanism to handle some of its risks. This area of risk management has substantially increased because of rising insurance costs and lack of appropriate insurance coverage. The degree to which a company will retain its risks depends on the individual company's management philosophy and ability to self insure. How much liability a company can afford to cover by itself is a critical question each organization must ask. For some companies, this will mean establishing a self insurance mechanism. For other companies, it means an election of an insurance policy with a deductible provision. In other cases, the loss may be so small that if it occurred, it would be of little consequence to the company, and so the company deliberately chooses to absorb the risk.

A company needs to analyze the variables involved to determine what is best for it. This includes looking at the frequency of a loss occurring and the amount of the probable loss. The company then needs to select the best combination of self insurance and external insurance coverage for its operations, always keeping in mind that the benefits of the action should be greater than the costs.

In recent years, new developments have occurred in self insurance mechanisms due to the high cost of insurance or difficulty in finding insurance. These self insurance programs have arisen as alternatives to the traditional insurance policy. These include captive insurance subsidiaries, group captives and risk retention groups. Before entering into this type of situation, research must be done on the costs involved and what types of businesses have groups available. Some companies have found the groups to be very beneficial while others have found it to be an expensive undertaking.

Monitor Results

The final function occurs after the risk manager reaches a decision as to the method of dealing with each type of risk; decisions should then be monitored to determine whether any changes should be made. This involves monitoring the amount of risk retained by the company. Has the self insurance fund been adequate for the amount of losses actually experienced? Accounting information must be studied to determine whether the company has lost more money due to the increased deductible -- or saved money due to decreased insurance premiums -- if the company has elected a larger deductible on insurance policies. Records kept by the risk manager become the data for statistical calculations by the risk manager for future decision making. Since decisions made by the risk manager are not static, they must be monitored by the company as the environment changes. The risk manager should be aware of all external and internal changes and how those changes will affect the company. Internal changes such as remodeling or construction projects could change the insurance rates or insurance class. External events such as new anti-pollution laws could affect a company by requiring it to clean up damage to the environment.


It is paramount today, given our litigious society, that risk management be thoroughly understood and practiced.


(1)Dillon, Ray D., William R. Feldhous and Rod P. Farrell, "A Special Area of Service: Risk Management," Journal of Accountancy, February, 1984, p. 50. (2)Ibid. (3)Radziewicz, Thomas C., "Making Changes," Business Insurance, January 12, 1987, p. 41. (4)Greene, Mark R. and Oscar N. Serbein, Risk Management: Text and Cases, 1978, pp. 44-48. (5)Ibid. p. 14. (6)Rothermel, Michael A. "Understanding Risk Management and Your Client's Business Insurance Needs," Presentation at the West Michigan Accounting and Auditing Symposium, Grand Rapids, Michigan, June 2, 1988. (7)Greene, pp. 76-77. (8)Ibid. p. 14.

Donald J. Klein is a professor of accounting at the F. E. Seidman School of Business at Grand Valley State University in Grand Rapids, Michigan, where he holds the L. William Seidman Chair in Accounting. He received his doctorate degree from Michigan State University, his MBA from the University of Detroit and his BS from Rockhurst College in Kansas City. He was one of the first in the nation to receive a CMA certificate in 1973 and received his CPA certificate in 1976. A member of the American Accounting Association, American Institute of Certified Public Accountants, National Association of Accountants and the Michigan Association of Certified Public Accountants, he has written several professional development seminar manuals and has published in several professional journals.
COPYRIGHT 1991 National Society of Public Accountants
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Klein, Donald J.
Publication:The National Public Accountant
Date:Dec 1, 1991
Previous Article:Investing in tax preparation software: as easy as 1-2-3.
Next Article:A survivor's guide ... to tax-free exchanges of life-kind property.

Related Articles
Risk Management Is a Necessary Tool for Protecting Satellite Owners-Users.
Covering your assets.
Individual's risk management.
Absolutely, probably, possibly, maybe -- but what if?
Ask FERF (financial executives research foundation) about ... managing business risks. (Resources).
Managing risk in the storage environment: the realities of risk.
Hedging operational risk: if only you could turn back time! Investors in hedge funds now have protection against major meltdowns.

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters