Risk management as a formalised discipline has been around for at least 100 years. It has its early origins in the specialist activity of insurance, which can trace its history back several centuries.
As insurance became more formalised and structured, the need for risk control standards increased, especially regarding the insurance of cargo king transported by ships worldwide.
Perhaps one of the earliest developments in this field was the introduction of the Plimsoll Line’ to indicate the level of cargo that a ship could safely transport without being dangerously overloaded.
Risk management education programmes arose to support the profession’s growth as it evolved. Various authorities were granted increased jurisdiction over certain concerns (such as health and safety) and also specific economic sectors at this time (such as financial institutions). In the 1980s, risk management degrees grew more structured.
Risk management standards emerged due to improved education and regulatory framework. The AS/NZS 4360:1995 standard for risk management was one of the first to take a complete approach. In addition to the fundamental risk management rules that apply to all businesses, specialised risk management methodologies have arisen, especially in finance.
The emergence of regulated capital requirements for banks and insurance companies indicated the increased risk management maturity required of financial institutions.
The corporate risk management role in the United States during the 1950s became an extension of insurance purchasing decisions. During the 1960s, contingency planning became more important to organisations. There was also an emphasis beyond risk financing on loss prevention and safety management.
During the 1970s, self-insurance and risk mention practices developed within organisations. Captive insurance companies also started to emerge. Contingency plans then developed into business continuity planning and disaster recovery plans.
Areas of Risk Management
Risk management is a constantly developing and evolving discipline. As well as its origins in the insurance industry and other branches of hazard management, risk management has strong connections with the credit and treasury functions. Many functions within large organisations will have a significant risk management component to their activities, such as tax, treasury, human resources, procurement and logistics.
However, it is unlikely that specialises in those areas will consider their activities simply a branch of the risk management discipline. Perhaps one of the best-known and specialist areas of risk management is health and safety at work. Another specialist area is of disaster recovery planning and business continuity planning.
Also, there is no doubt that quality management is a very well-developed branch of risk management, given the high profile attached to quality management systems, such as ISO 9000. Additionally, other specialist areas of risk management have developed over the past decades, including project risk management;
• clinical/medical risk management;
• energy risk management;
• financial risk management (FRM)
• IT risk management.
The development and use of risk management (RM) tools and procedures have been greatly influenced by all of the specialities mentioned above areas. Risk management methods and practices are very well developed in Project RMT. Before this discussion, project RM focused on controlling or managing uncertainty or risk.
We’ve heard about clinical risk management (CRM) for a while. Patient care is the primary focus of this risk management sector, especially during surgical procedures. Risk management systems have been implemented due to the high cost of medical malpractice lawsuits and the unavoidable delays in receiving insurance payouts.
Patient education is an important part of clinical risk management, especially when it comes to procedures that may pose a risk. As a result, surgeons must also disclose any events that may arise during the procedure.
CRM has placed a lot of emphasis on the need to report any problems that occur in the operating room in a timely way. Clinical risk management is the subject of a wide range of publications, and a considerable effort has been invested into developing the essential systems and processes.
Operations, market, credit, and other financial hazards are all part of risk management in the financial sector. The term “Chief Risk Officer” was originally used in the financial industry. RM tools and practices have also gained traction in the energy industry.
Some companies in the energy business are more concerned about the future price of energy and exploration risk than RM is concerned about. As a result, the RM process resembles that of the treasury department, where risk management is based on sophisticated financial procedures such as hedging.
Another well-developed and specialised aspect of this issue is the management of IT risks. Data management and data security have become increasingly important to organisations, and as a result, particular standards for IT risk management have been developed. COBIT, which is related to the COSO standard in many ways, is a well-established risk management standard.
Risk management is not a “cure all”, and it should never be viewed as such
Your risk management best practices may differ from those of your customer. At the very least, you should demonstrate how your processes and best practices align with those of your customers and fix any disconnects. This should be done as soon as possible to avoid any misconceptions or potential complications.
Do not just assert that your processes and best practices are superior to your customer’s without presenting evidence. I’ve observed similar behaviour aimed against a client in a public forum on many occasions, including twice from the same individual.
As a result, the firm suffered a significant loss of trust in the eyes of a very key customer. Rather than that, even if your risk management process and best practices are better than those of your client, collaborate with them to the degree feasible to assist them in understanding your process and best practises and to improve theirs as necessary.
Risk vs Likelihood
The probability of an event occurring and its repercussions are considered when calculating risk. Using only one of these two words is unsuitable when discussing the risk. You should avoid using language such as “probability” and “consequence” when talking about risk since these terms imply that a risk is only constituted of one of two things: a probability or an impact.
In order to minimise confusion, duplicate information, and erroneous findings, it’s best to avoid combining risk with a risk component (such as chance).
Furthermore, it is essential to note that likelihood and risk are part of an overlapping set, and thus the risk is not independent of likelihood as risk = (probability, consequences). This applies to both risk and effect, which are part of an overlapping set (probability, consequence).
A risk is a combination of both probability and consequence words; thus, avoid expressions like “risk likelihood” or “risk probability,” which equates risk with either probability or consequence, but in reality, the risk is made up of both.