Printer Friendly

The evolution of risk management.

Risk management is best understood through its history. The period from World War II to the mid-1960s was a formative one, characterized by burgeoning enterprise and creativity on the part of business-people, inventors and lawyers. New risks appeared, old ones were aggravated and, impelled by risk managers' responses to them, the risk management function evolved apace and gained its title and a core definition.

When insurance was used by corporation management only for financing certain losses, the contract was bought and administered by a member of the finance staff known as the insurance buyer. As loss exposures increased, the insurance buyers developed their skill at patterning and administering the contract. This required more cooperation from other departments. As a result, insurance buyers began to use the more descriptive and upscale title "insurance manager" in order to get the cooperation they needed.

As enterprise continued to expand and diversify, insurance managers expanded their duties by examining company operations for serious uninsured risks and loss prevention opportunities, suggesting changes in operations in order to avoid risks, recommending hold-harmless clauses in certain contracts, getting deductibles and declining to insure some bearable risks.

In 1955 Wayne Snider, professor of insurance at Temple University, suggested that since insurance managers were now focusing on risks and ways to control them, rather than merely purchasing insurance, they should be called risk managers. And in 1956 practitioner Russell Gallagher, writing in the Harvard Business Review (Vol. 34), introduced the term risk management to business organizers. Some purists suggested that the term risk manager properly belonged to chief executive officers (CEOs), but no CEO showed interest.

However, the term was so impressive that various outsiders claimed that, as stock brokers, investment counsel, physicians, boards of health or lawyers, they too were risk managers.

So the terms became buzz words, which obfuscated their meaning but attested their elegance - to the benefit of risk managers and their mission.


In the 1961 edition of the book Insurance, Its Theory and Practice in the United States, author Ralph Blanchard, retired professor of insurance at Columbia University, proposed that the field of risk management is that of "pure risks," meaning risks offering the possibility of loss or no loss, as contrasted with "speculative risks," which offer the chance of loss or gain and are the domain of entrepreneurs, boards of directors and CEOs. Being clear-cut, brief and of respected authorship, the "pure risk" term came into use, particularly when it could be used to explain the risk management discipline to laypersons. In addition, the fine delineation of the risk management field between loss-or-no-loss risks and loss-or-gain risks added to risk managers1 confidence and to the respect others had for the job, both inside and outside the corporations.

A year later, in the September 1962 issue of the National Insurance Buyer, the predecessor to Risk Management, this author submitted that each of the insurable risks to which an organization is exposed should be seen as a cost composed of the interrelated factors of cost of loss prevention, insurance premiums, losses sustained net of indemnities from insurers and third parties, and expense of administration; and secondly, that the objective of risk management should be to minimize the cost of the risks by changing the amenable factors as appropriate, e.g., in many cases sprinkles would substantially reduce the cost of the fire risk.

Because of my article, I have been given credit for the risk-cost concept, but David Warren published an article on the subject at about the same time as mine (see the Winter 1962 Annals of the Society of Property and Casualty Underwriters), and he too should have credit.

The risk-cost concept is mathematical in principle, but since some of its factors cannot be accurately forecasted or measured, a precise net total cannot be calculated. However, since the factors can be estimated, it provides practical direction for the risk manager's efforts. Also, the minimizing of the cost of the loss-or-no-loss risks of the enterprise was an objective that insiders and outsiders could readily grasp and remember, and a core definition of risk management. Every year since 1979 Tillinghast and RIMS have published jointly the Cost of Risk Survey, which has improved the status of risk managers and given them material for fruitful discussion of their function with other people, notably the CEO when occasion arises.

The formative period saw the incorporation in 1950 of an association of corporate entities, the National Insurance Buyers Association Inc. (now known as The Risk and Insurance Management Society [RIMS]), to serve their common interest in the control of risks of loss. There followed in 1954 the establishment of the association's journal, the National Insurance Buyer, the first annual conference of the association in 1963, and the launching of the association's Risk Management Education Program in 1965. The association has grown in membership, and activity has been a powerful aid in the development of risk management in scope, skill and status.

By their response to the challenges during this formative period, risk managers gained direction and form for their job, including line authority over insurance, and staff authority in loss prevention, risk avoidance and contractual risk transfer. They developed the basic discipline of special knowledge and skill that would constitute risk management as a distinct function, and they set up organizations that would sustain and advance the function and help give it visibility in academic, government and press circles. It was a happy period.


The period from the mid-1960s to the present has been one of new challenges: the risks that result from scientific research and engineering inventions, notably the risks of space exploration and of computers; developments in the law of liability, especially professional liability and that of auditors and corporate directors and officers; and matters of more detail, such as the laws the risk manager ought to know in order to collaborate with defense counsel in the minefield of liability suits. Risk managers have responded actively and creatively to these challenges. Captive insurers have multiplied and methods of loss financing alternatives to insurance have been tested. There have been extensive developments in risk management education - including university courses - and some risk managers have been promoted to division-head level, sometimes with added duties.

There is no pre-ordained concept of risk management; no legislation or regulation defines it and thereby fixes its field or its action. Its protagonists are the people known as risk managers, and they have developed the function through their initiative and creativity. In the process they have occasionally been helped by theory, but never deterred by it. In brief, risk management means what risk managers do.

Some risk managers are restive about their place in the corporate organization, and some question the limits of the field of risk management, as do some consultants and teachers and the domain of business management. But whatever the motivation of risk managers, and the restiveness and questions about the possible scope of risk management methods and thinking, risk managers' only authority over the control of risks by loss prevention and such came from the leverage of their line control over insurance, and therefore their field became that of insurable risks.

On a strict reading of his text, Dr. Blanchard's definition of the field seems to include uninsurable risks, and because of his authority this was an issue that had to be dealt with. This author's analysis confirmed the factual confinement of the field to insurable risks. The reader is spared the record of it because it was not only analogous to proving that water runs downhill, but also because the evolution of risk management into a wider field might make it irrelevant.


The perception of risks is the prime duty of a risk manager. In an article in the January 1989 issue of this magazine, Dr. Snider signals the increasing importance and difficulty of that duty, and he recommends special training for it. Examples of the difficulties of that duty include the early perception and appraisal of the risks of climatic change and overpopulation. To such threats, responses of private enterprise and governments are heard, and they are mixed; but if that state continues and risk managers have prepared their response to the threats, it will be heard, and one hopes that the recommended course of instruction will have been made available to help them.

Losses commonly carry secondary consequences that are not insured against and are usually not accurately measurable. This principle was established by H.W. Heinrich of the Travelers Group through research on the uninsured loss consequences of industrial accidents, which he reported in a 1931 book, Industrial Accident Prevention - A Scientific Approach. That was the source of the now wellknown 4:1 average ratio between the uninsured cost of industrial accidents in the United States and the insured payments pursuant to workers' compensation law. While new research would probably modify the ratio for the industrial accident costs in the various types of industry, the significant point is that the Heinrich Principle applies to risks generally and not just to industrial accidents and should receive consideration accordingly.

The prindple of the remote consequences of mismanagement of risks is brought out in a 1990 position paper in which The American Risk and Insurance Association makes a case for special instruction on risk management in the schools of business. The text shows how an "entity's operational goals can be adversely impacted by less than optimal decisions."

For example, these decisions may result in excessive time spent by company managers and boards in dealing with unanticipated losses, thus distracting from strategic concerns; credit ratings and firms' costs of capital adversely affected; cash flows, profitability and growth reduced due to suboptimal pricing structures necessitated by concerns over risks; and strategically desirable projects not implemented due to inadequate abilities to manage associated loss exposures. And in the April 1991 issue of Risk Management magazine, Dr. Michael k. Smith and Dr. C. Arthur Williams Jr. make a valuable contribution to the subject, under the title

"How the Corporate Risk Manager Contributes to Company Value."

There is an often-overlooked consequence of good risk management, namely, that the better the risks are managed, the less they cost and the less they trouble the corporation's operations and reputation, and therefore the less the CEO hears about the good risk manager.

Computers have radically changed the scene for risk managers. They have had a surprising effect, like printing and radio when these were new making it easier and faster to get information and manage recordkeeping.

They help risk managers do a better job. And they have also brought new risks, some of high challenge to perception and control.

Most of the services provided by RIMS to its members are staff services, but the Society also renders direct risk management services through representations to legislative and regulatory bodies, and amicus curiae briefs to courts, where issues of insurable risks, insurance and relevant taxation are being considered. Some such examples include: retroactive law, as in "strict liability" and the Superfund Act, where a producer or an insurer may be hit with heavy unforeseen liability without the possibility of retroactive product pricing or insurance premium tariffs to cover it and stimulants of litigation -- - punitive damages, costs unawarded, uncontrolled juries, contingent fees and again retroactive law - which at great expense and much waste foster the socially destructive and pervasive adversarial syndrome. The foregoing facets of the law are proper subject for treatment by a scholar of political philosophy, under the rubric of the Rule of Law; and a polemic would probably be salutary.


To cite a venerable text: "Change and decay all around 1 see." New risks come out of change, and in ecological decay there is menace. Risks are increasing and therefore so is the importance of the risk manager's job of managing the defense against them, and the need for special skill and appropriate authority.

The risk manager's authority is delegated by the CEO directly or indirectly (i.e., through another officer). But between indirect delegation and the objective of minimizing the cost or the impact of the risks, there is, in the author's opinion, an implicit contradiction; and for reasons that follow, to accomplish the objective requires that the risk manager answer directly to the CEO and that he or she be one of the division heads who constitute a committee that meets with the CEO to discuss operations.

The CEO should have timely notice of risks of loss inherent in projects that are under study, such as acquisition of another company, rental of satellite service or purchase of a new patent. Some risks of loss are not evident, and a skilled risk manager is more likely than a layperson to perceive them. Only with timely notice of a project can the risk manager give timely notice of its risks; but he or she may not get such notice if it has to come through an intermediary who, furthermore, may not be attuned to details that to a risk manager signal danger.

It is also important that the risk manager be skilled and on staff. To do his or her job in the ordinary course of corporate operations (as well as in respect to projects), the risk manager must have an insider's knowledge of what is happening in the corporation and what is in the grapevine. Vis-a-vis other officers and employees of the corporation, as well as outsiders, the risk manager must have the moral status of an insider. And further, between a skilled risk manager on staff and the account executive of the insurance broker he or she deals with, there will normally be a lively sense of competition that can be of special value to the corporation, each person being a challenge to the other and providing a check upon the work.


The foregoing picture does not eclipse early signs of a testing and reassessme nt of risk management. Questions are constantly simmering about the future of the r isk management principle and that of risk managers. Why are there now courses on risk management in university business administration curricula? Why is it that, during the recent years of economic depression when some corporations even dismissed their risk managers, RIMS' membership continued or increased, and likewise attendance at RIMS conferences (annual and regional) remained steady or increased, even though both require fees in addition to the annual membership dues?

Are these things explained by an increased awareness of the importance of loss risks and their management? Or, while the risk management concept was developed in the managing of insurable risks, is it a new principle applicable to management generally? Or, in awareness of the threats in overpopulation, climatic change, and the global integration of economics and politics, do some corporate directors and CEOs have in mind to give risk managers who have proven their ability to deal with uncertainties, a chance to be heard on issues of import wider than the management of insurable risks? The author disclaims prophetic bent to answer those questions, but affirms the belief that the answers will come by evolution, rather than by seismic shakedown.

In the evolution of the risk management function there has been a fruitful circular process between action and theory. The advances that have stood the test of survival have been ventures or experiments rooted in experience; and future development and expansion will almost certainly come about in the same way. (The risk-cost thesis mentioned early in this article was the answer to the question "What am 1 trying to do?," not to the question "What should I be trying to do?")


Regarding the possible steps in the development of the risk management function, in some corporations these stages have already been reached, whatever the job titles. Risk management is commonly viewed as a passive service, one that permits line managers throughout the corporation to do their own jobs, with minimal concern about accidental losses. But there is the possibility for the discipline to render a more active service.

One example is when a CEO is considering a certain area - almost anywhere in the industrialized world for a new factory or other facility, and secrecy is not involved, the risk manager should be able to get information about factors such as climate, risk of earthquake and flooding, water supply, power, fire brigades and police protection, facilities for communication and transport, labor conditions, availability of housing for employees, competition and the risk of liability for pollution of land and environment. Through relationships with other risk managers, insurance brokers and insurers, a risk manager can usually get this information fairly quickly.

To entrust the risk manager with additional responsibilities should improve his or her service in all respects. These added responsibilities might, for instance, include line authority in the matter of security, a watching brief on governmental and other regulations or, if the risk manager is qualified, as legal counsel for the corporation.


CEOs should recognize that risk managers' skill and experience in perceiving and managing risks, and their detailed knowledge of corporation operations, qualify them well for the useful role of Devil's Advocate - the person with whom to discuss projects and operations. This could be tested on an occasional basis; and whatever the outcome, the experience would help the CEO appraise the ideas in reducing loss and managing uncertainty.

Quality control is risk management in a particular area, and it would fit into a risk management department that had appropriate status in the corporate organization. Some of the loss risks of enterprise are insurable. Many of the losses caused by employees are not: an example is waste, in its many forms. The frequency of business failures and retrenchments, even in easier economic times than the present, makes one wonder whether, with their detailed knowledge of company operations and their skill at targeting causes of loss, risk managers might not be of help in reducing the cost of some of the uninsurable losses, via study authorized by the CEO, into areas of apparently unusual loss.

In the light of the practices and theories of risk management and the classic definition of risk as uncertainty of loss, it becomes clear that the risk management discipline, as it has grown and now stands, is a particular expression of the principle of enterprise itself- that profit is to be made from the management of uncertainty. And therefore I suggest that CEOs and other planners give thought to using risk managers' skill in perceiving business risks, and in taking calculated risks.
COPYRIGHT 1993 Risk Management Society Publishing, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Barlow, Douglas
Publication:Risk Management
Date:Apr 1, 1993
Previous Article:Bringing risk management into the boardroom.
Next Article:Phantom risk: scientific inference and the law.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters