Risk management as a formalised discipline has been around for at least 100 years. It has its early origins in the specialist activity of insurance, which can trace its history back for several centuries.
As insurance became more formalised and structured, the need for risk control standards increased, especially about the insurance of cargo king transported by ships around the world.
Perhaps one of the earliest developments in this field was the introduction of the Plimsoll Line’ to indicate the level of cargo that a ship could safely transport without being dangerously overloaded.
As it evolved, risk management education programmes arose to support the profession’s growth. Various authorities were granted increased jurisdiction over certain concerns (such health and safety) and also specific economic sectors at this time (such as financial institutions). In the 1980s, risk management degrees grew more structured.
Standards in risk management emerged as a result of improved education and regulatory framework. The AS/NZS 4360:1995 standard for risk management was one of the first to take a complete approach. In addition to the fundamental risk management rules that apply to all businesses, specialised risk management methodologies have arisen, especially in finance.
The emergence of regulated capital requirements for banks and insurance companies indicated the increased level of risk management maturity required of financial institutions.
The corporate risk management role in the United States during the 1950s became an extension of insurance purchasing decisions. During the 1960s, contingency planning became more important to organisations. There was also an emphasis beyond risk financing on loss prevention and safety management.
During the 1970s, self-insurance and risk mention practices developed within organisations. Captive insurance companies also started to emerge. Contingency plans then developed into business continuity planning and disaster recovery plans.
Areas of Risk Management
Risk management is a constantly developing and evolving discipline. As well as its origins in the insurance industry and other branches of hazard management, risk management has strong connections with the credit and treasury functions. Many functions within large organisations will have a significant risk management component to their activities, such as tax, treasury, human resources, procurement and logistics.
However, it is unlikely that specialises in those areas will consider their activities as simply a branch of the risk management discipline. Perhaps one of the best known and specialist areas of risk management is that of health and safety at work. Another specialist area is that of disaster recovery planning and business continuity planning.
Also, there is no doubt that quality management is a very well developed branch of risk management, given the high profile attached to quality management systems, such as ISO 9000. Additionally, other specialist areas of risk management have developed over the past decades, including project risk management;
• clinical/medical risk management;
• energy risk management;
• financial risk management (FRM)
• IT risk management.
The development and use of risk management (RM) tools and procedures have been greatly influenced by all of the aforementioned speciality areas. Risk management methods and practices are very well developed in Project RMT. Prior to this discussion, project RM’s focus is on controlling or managing uncertainty or risk.
It’s been a while since we’ve heard about clinical risk management (CRM). Patient care is the primary focus of this risk management sector, especially during surgical procedures. Risk management systems have been implemented as a result of the high cost of medical malpractice lawsuits and the unavoidable delays in receiving insurance payouts.
Patient education is an important part of clinical risk management, especially when it comes to procedures that may pose a risk. As a result, surgeons must also disclose any events that may arise during the procedure.
CRM has placed a lot of emphasis on the need of reporting any problems that occur in the operating room in a timely way. Clinical risk management is the subject of a wide range of publications, and a considerable lot of effort has been invested into developing the essential systems and processes.
Operations, market, credit, and other financial hazards are all part of risk management in the financial sector. The term “Chief Risk Officer” was originally used in the financial industry. RM tools and practices have also gained traction in the energy industry.
Some companies in the energy business are more concerned about the future price of energy and exploration risk than RM is concerned about. As a result, the RM process resembles that of the treasury department, where risk management is based on sophisticated financial procedures such as hedging.
Another well-developed and specialised aspect of this issue is the management of IT risks. Data management and data security have become increasingly important to organisations, and as a result, particular standards for IT risk management have been developed. COBIT, which is related to the COSO standard in many ways, is a well-established risk management standard.
Risk management is not a “cure all” and it should never be viewed as such
Your risk management best practices may differ from those of your customer. At the very least, you should demonstrate how your processes and best practices align with those of your customers and fix any disconnects. This should be done as soon as possible to avoid any misconceptions or potential complications.
Do not just assert that your processes and best practices are superior to those of your customer without presenting evidence. I’ve observed similar behaviour aimed against a client in a public forum on many occasions, including twice from the same individual.
As a result, the firm suffered a significant loss of trust in the eyes of a very key customer. Rather than that, even if your risk management process and best practices are better to those of your client, collaborate with them to the degree feasible to assist them to understand your process and best practises and to improve theirs as necessary.
Risk vs Likelihood
Both the probability of an event occurring and its repercussions are taken into account when calculating risk. Using only one of these two words is not suitable when discussing the risk. You should avoid using language such as “probability” and “consequence” when discussing a risk since these terms imply that a risk is only constituted of one of two things: a probability or an impact.
In order to minimise confusion, duplicate information, and erroneous findings, it’s best to avoid combining risk with a risk component (such as chance).
Furthermore, it is important to note that likelihood and risk are part of an overlapping set and thus risk is not independent of likelihood as risk = (probability, consequences). This applies to both risk and effect, which are part of an overlapping set (probability, consequence).
A risk is a combination of both probability and consequence words, thus avoid expressions like “risk likelihood” or “risk probability,” which equates risk with either probability or consequence, but in reality, the risk is made up of both.