Risk and Insurance: Definition, Types

The risk is a concept which relates to human

expectations.
It denotes a potential negative impact on an asset or some characteristic of value that
may arise from some present process or some future event.
In everyday usage, “risk” is often used synonymously with “probability” of a loss or
threat.
In professional risk assessments, risk combines the probability of an event occurring
with the impact that event would be and with its different circumstances.
However,
Where assets are priced by markets, all probabilities and impacts are reflected in the
market price, and risk, therefore, comes only from the variance of the outcomes.
According to the Dictionary;

 Risk refers to the probability that something unpleasant or dangerous might

happen.

 The risk is a condition in which there is a possibility of an adverse deviation

from the desired outcome that is expected or hoped for.
For understanding the risk, we should know these terms which are related to the
concept of risk;
What is the Definition of Chance
This is a term which refers to the probable advantageous, desirable or profitable
outcome of a fortuitous event.
For example, we usually say. Chance of passing an examination and not Chance of
failing an examination.
What is the Definition of Risk
This is a term which refers to the probable disadvantageous, undesirable or
unprofitable outcome of a fortuitous event, an event which is not desired but taking
place.
For example,
We usually say the risk of death and not the risk of survival as death is something
which is never desired.
What is the Definition of Probability
This is a term which refers to a neutral mathematical quantitative expression of an
unforeseen or fortuitous event.
What is the Definition of Uncertainty
Uncertainty refers to a situation where the outcome is not certain or unknown.
Uncertainty refers to a state of mind characterized by doubt, based on the lack of
knowledge about what will or what will not happen in the future.
Very often the meaning of Risk and uncertainty gets mixed, but there are fundamental
differences between them;
Risk vs. Uncertainty
 Uncertainty is often confused with risk. Uncertainty refers to a situation where
the outcome is not certain or unknown. Uncertainty refers to a state of mind
characterized by doubt, based on the lack of knowledge about what will or what
will not happen in the future.
 Uncertainty can be perceived as opposite of certainty where you are assured of
outcome or what will happen. Accordingly, some weight or probabilities can be
assigned to risky situations, but uncertainty, the psychological reaction ten the
absence of knowledge lacks this privilege.

 The decision under uncertain situations is very difficult for the decision-maker.
It all depends upon the skill, the judgment and of course luck.

 Uncertainty being a perceptual phenomenon implies different degrees to a

different person. For example: Assume a situation where an individual has to
appear for the first in the newly introduced insurance examination.

 An individual student had undergone training in insurance.

 An individual with training or experience in insurance A’s perception towards

uncertainty (of performance in the examination) is different from that of B.
Nonetheless, in both situations, the outcomes that are the questions which will be
asked in the examination are different.

These terminologies are referring to the result of an unforeseen or fortuitous event

irrespective of whether it is advantageous or disadvantageous, desired or undesired,
qualitative or quantitative.
Related: Methods of Eliminating and Spreading the Risk
The business of risk management necessarily deals with the Control and management
of risk, i.e., the effects of fortuitous events which are never expected or desired but
taking place to our detriment.
One thing is clear that there is no single definition of risk. Economists, behavioral
scientists, risk theorists, statisticians, and actuaries each have their concept of risk.
However,
Risk traditionally has been defined regarding uncertainty.
Based on this concept, the risk is denied here as uncertainty concerning the occurrence
of a loss.
For example, the risk of being killed in an auto accident is present because uncertainty
is present. The risk of lung cancer for smokers is present because uncertainty is
present.
The risk of flunking a college course is present because uncertainty is present.
For a more clear definition of the risk, the authors and experts looked at the risk
objectively and subjectively.
Objective Risk
Objective risk (also called the degree of risk) is defined as the relative variation of
actual loss from expected loss.
For example,
Assume that a property insurer has 10,000 houses insured over a long period and. On
average, 1 percent, or 100 houses, burn each year. However, it would be rare for
exactly 100 houses to burn each year.
In some years, as few as 90 houses may burn; in other years as many as 110 houses
may burn. Thus: there is a variation of 10 houses from the expected number of 100 or
a variation of 10 percent. This relative variation of actual loss from expected loss is
known as objective risk.
Objective risk declines as the number of exposures increases. More specifically,
objective risk varies inversely with the square root of the number of cases under
observation.
In our previous example, 10,000 houses were insured, and objective risk was 10/100,
10 percent.
Now assume that 1 million houses are insured. The expected number of houses that
will burn is now 10,000, but the variation of actual loss from the expected loss is 100.
The objective risk is now 100/1000 or 1 percent. Thus, as the square root of houses
increased from 100 in the first example to 1000 in the second example (10 times), the
objective risk declined to one-tenth of its former level.
Objective risk can be statistically calculated by some measure of dispersion, such as
the standard deviation or the coefficient of variation. Because objective risk can be
measured, it is an extremely useful concept for an insurer or a corporate risk manner.
As the number of exposures increases, an insurer can predict its future loss experience
more accurately because it can rely on the law of large numbers.
The law of large numbers states that as the number of exposure units increases, the
more closely the actual loss experience will approach the expected loss experience.
For example, as the number of homes under observation increases, the greater is the
degree of accuracy in predicting the proportion of homes that will burn.
Subjective Risk
The subjective risk is defined as uncertainty- based on a person’s mental condition or
state of mind.
For example,
A customer who was drinking heavily in a bar may foolishly attempt to drive home.
The driver may be uncertain whether he will arrive home safely without being
arrested by the police for drunk driving. This mental uncertainty is called subjective
risk.
The impact of subjective risk varies depending on the individual. Two persons in the
same situation can have a different perception of risk, and their behavior may be
altered accordingly.
If an individual experiences great mental uncertainty concerning the occurrence of a
loss, that person’s behavior may be affected. High subjective risk often results in
conservative and prudent behavior, while low subjective risk may result in less
conservative behavior.
For example, a motorist previously arrested for drunk driving is aware that he has
consumed too much alcohol. The driver may then compensate for the mental
uncertainty by getting someone else to drive the car home or by taking a cab.
Another driver in the same situation may perceive the risk of being arrested as slight.
This second driver may drive in a more careless and reckless manner; a low subjective
risk results in less conservative driving behavior.
In the walks of lives, human beings are constantly running various types of risk every
day, every moment.
The followings are just a few examples to emphasize how all types of human
activities are getting threatened by the application or risks and undesired and
unforeseen contingencies:

 A man crossing the road is running the risk of being knocked down by a
moving car.

 A house owner is running the risk of loss or damage to his house or property
therein by fire or burglary.

 A businessman or an industrialist, or a shopkeeper is running the risk of similar

types of various unforeseen contingencies.

 A merchant is running the risk of various maritime perils.

 An organization handling money matters is running the risk of possible

defalcation by employees as well as a loss by outside miscreants.

 People are running the risk of incurring liabilities for their wrong deeds.

 A dependent family is running the risk of financial insolvency arising out of the
premature death of the breadwinner.

The risk is, therefore, incidental to life. Some people live dangerously others exercise
extreme caution.
Nevertheless,
The happening of a fortuitous event or element cannot be avoided, although its effects
may be either good or bad.
Some fortuitous events are of course advantageous, but some are not. The study of
risk management primarily deals with these fortuitous events and their impacts.
In this study, certain terminologies are required to be properly understood because of
their differences with each other and at the same time because of their necessary
application.
3 Types of Risk in Insurance
Having dealt with the meaning of risk we

shall now attempt to divert our attention to another aspect of the nature of risk which
we shall call as Classification of risk.
It is required to know the complex classification and sub-classification of risk and also
an insight into risks which can be insured and which cannot be.
We may look into this subject in the following manner:

1. Financial and Non-Financial Risks.

2. Pure and Speculative Risks.

3. Fundamental and Particular Risks.

In this post, we are going to look into the three classifications of risk.
Financial and Non-Financial Risks
Financial risks are the risks where the outcome of an event (i.e. event giving birth to a
loss) can be measured in monetary terms.
The losses can be assessed and a proper money value can be given to those losses. The
common examples are:

 Material damage to property arising out of an event. We may consider damage

to a ship due to a cyclone or even sinking of a ship due to the cyclone. Damage to
the motor car due to a road accident which may be of partial or total nature.
Damage to stock or machinery etc.

 Theft of a property which may be a motorcycle, motor car, machinery, items of

household use or even cash.

 Loss of profit of a business due to fire damaging the material property.

 Personal injuries due to industrial, road or other accidents resulting in medical

costs, Court awards etc.

 Death of a breadwinner in a family leading to corresponding financial

hardship.

All such losses, i.e. the outcome of unforeseen untoward events can be measured in
monetary terms.
The losses can be replaced, reinstated or repaired or even a corresponding reasonable
financial support (in case of death) can be thought about.
We would call all such financial risks as insurable risks and these are indeed the main
subjects of insurance.
Non-Financial risks are the risks the outcome of which cannot be measured in
monetary terms.
There may be a wrong choice or a wrong decision giving rise to possible discomfort
or disliking or embarrassment but not being capable of valuation in money terms.
Examples can be:

 Choice of a car, its brand, color etc.

 Selection of a restaurant menu,

 Career selection, whether to be a doctor or engineer etc.

 Choice of bride/bridegroom,

 Choice of publicity etc.

Since the outcome cannot be valued in terms of money, we shall call these non-
financial risks as uninsurable.
Related: Seven Elements of an Insurable Risk
Pure Risk and Speculative Risks
Pure risks are those risks where the outcome shall result into loss only or at best a
break-even situation. We cannot think about a gain-gain situation.
The result is always unfavorable, or maybe the same situation (as existed before the
event) has remained without giving a birth to a profit (or loss).
As opposed to this, speculative risks are those risks where there is the possibility of
gain or profit. At least the intent is to make a profit and no loss (although loss might
ensue).
Investing in shares may be a good example. Pricing, marketing, forecasting, credit
sale etc. are yet examples falling within the domain of speculation.
Consider another example where we can have the existence of both pure risks and
speculative risks. A garments factory may be in our mind. Here we have:

 Cyclone damage possibility to the factory building,

 Fire damage possibility to stock,

 Machinery breakdown possibility to Machinery,

 Theft possibility to removable items,

 Personal accident possibility of factory workers etc.

Also, we have:

 the question of pricing of the product to remain in the competitive market,

 the question of fashion changes leading to a drastic fall in the demand of the
product,

 the question of withdrawal of quota system,

 the question of credit sale

The students should appreciate that in the first set of examples we are indeed talking
about the possibility of certain losses emanating from certain untoward events or
unforeseen contingencies (like cyclone, fire, theft, accident etc.) and for convenience
we shall call them the risks of trade.
These are identified as pure risks and as such insurable. Notice that these losses can
also be measured in monetary terms.
As opposed to this, if we refer to the second set of examples we notice that the
outcome of the trade or business is not the result of pure risks but indeed the result of
economic factors, supply & demand, change of fashion, trade restriction or
liberalization etc. and for convenience we call them trade risks.
These may be identified as speculative risks and usually not insurable.
Related: Why You Need Insurance (11 Reasons)
Fundamental Risk and Particular Risks
Now coming to the last stage of classification of risk we may consider the subject
from the viewpoint of the cause of a risk and its effect. We call such classifications as
fundamental risks and particular risks.
Fundamental risks are the risks mostly emanating from nature. These are the risks
which arise from causes that are beyond the control of an individual or group of
individuals.
The losses arising out of such causes may be catastrophic in dimension and felt by a
huge number of populations, the society or by the state although an individual may be
a part to that catastrophe. The common examples are:

 Flood & Cyclone, Subsidence & landslip,

 Earthquake & volcanic eruption, Tsunami,

 Convulsion of nature and other natural disasters,

 Famine, Draught

We may also add in the list perils like war, terrorism, riots & other political activities
which are neither created by nature nor by an individual but resulting in colossal
losses.
But one thing is certain which are this that all such perils are of impersonal nature not
being caused or contributed by an individual or even a group of individuals.
Normally fundamental risks were not supposed to be insurable because of the
magnitude and these were considered to be the responsibility of State. Now because of
demand and insurers’ strength, these risks are easily insurable.
Particular risks are; as opposed to what has been narrated hereinbefore, there are risks
which usually arise from actions of individuals or even group of individuals.
These may be identified as causes arising from personal (or group) behavior and
effects (losses) not being of that magnitude.
These are mostly man created because of their negligence, error in judgment,
carelessness, and disregard for law or respect.
We may even go onto suggesting that these are indeed the cases (both cause and
effect) where there has been an omission to do something which should have been
done or there has been done something which should not have been done.
We may call these as risks of personal nature. The common examples are:

 Fire, Explosion,

 Burglary, housebreaking, larceny, and theft,

 Stranding, Sinking, Capsizing, Collision in case of a ship, including cargo loss,

 Machinery breakdown and deterioration of stock due to machinery

breakdown,

 Motor accidents including death and bodily injuries, Industrial accidents,

 The collapse of bridges, Derailments.

Particular risks are insurable risks and most of the insurances relate to these risks.
However, the students should appreciate that risk is a dynamic concept and may be
modified because of the ever-changing situation.
So it may not be unlikely that a risk under one classification is changing its character
and identifying itself under another classification.
Levels of Risk in Insurance
Having identified the risk, the question of its frequency or magnitude would be very
much relevant in insurance.
Consider a factory by the bank of a river causing regular floods and consider another
factory near the same river but situated uphill.
Is the risk of flood damage the same for both the factories?
Simple common sense would dictate that the risk of the flood would be more with
regard to the first factory (by the bank of the river) as opposed to the second factory
(uphill).
To take yet another example to consider a house in a comfortable residential area near
to a fire brigade office and another house in a very crowdy locality surrounded by
lanes and alley bounds and far from any fire brigade office.
Related: Six Principles of Fire Insurance Policies
Certainly, the possibility of a fire loss would be far higher in the second house as
opposed to the first house.
What we are indeed suggesting here is this that in the study of risk we are not simply
to contend with the uncertainty as to causation of an event, we should also know the
behavioral pattern or risk frequency and its severity as well.
Extend the example of the house by another hypothesis which gives a value to the
houses.
The first house in the posh area values $1 million whilst the second house in the
crowdy area values $100K.
Now our imagination is a bit changed because we shall have to bring the severity of
loss into our scenario.
Because it is the magnitude or cost of a loss also which is of concern to insurers.
Frequency & Severity
As has been indicated in the extended example above, an insurer and risk bearer no
doubt we are interested in loss (event) frequency, but at the same time, we are also
interested in the severity (cost) of loss.
This is so because ultimately we shall have to pay a loss and our premium generation
should be such that would enable us to pay all such claims insured.
Therefore, a correlation is to be established between frequency and severity.
Is it that the more frequent the events are the more is the cost or severity?
This necessarily follows that a distinction is to be drawn between these two.
If we now go through the extended example again can we possibly visualize that
although the possibility (frequency) of fire in the house situated at the crowdy fire-
prone locality is higher as opposed to the house situated at posh area but the severity
of loss, should there be a fire engulfing the house of the posh area, will be much more
in comparison to the house of the crowdy area simply because of the higher value
involved?
Having said these, when we go for measuring a risk which is necessarily required
from the viewpoint of both insurer and the insured we start realizing that a distinction
between frequency and severity of risk assumes importance.
This helps insured to decide whether to go for insurance or not.
Similarly, it helps insurer to decide as to what premium would be reason enough to
cover loss payment and other incidental expenses, such as, administrative cost,
dividend etc.
Related: 15 Types of Fire Insurance Policies
Let us recall our previous understanding of uncertainty and lack of knowledge about
future causation of an event.
The more and more an event occurs our knowledge about future causation of the same
event increases and our uncertainty gradually diminishes giving way to certainty.
When uncertainty turns into certainty our prediction about the future becomes
stronger and stronger and our forecast for future becomes more and more accurate.
This is what an insurer’s objective is and when this point is struck we sit on the
driving seat and take the control of forecasting future events as masters thereof.
Going back to the issue of frequency and severity, if a person finds from experience
that in his trade or profession the frequency as to the causation of an event is quite
high with low cost or severity he might consider retaining the risk of loss on his own
shoulder.
Related: Fire Insurance: Definition, Functions, Importance (Explained)
On the other hand, if it is found that the frequency as to the causation of an event is
rather substantially low with high severity and cost he may transfer the risk to
insurers.
Clandestine thefts in private dwelling houses may be one example of high-frequency
losses with low cost or severity. Shipping risks, Aviation risks, Petrochemical risks
etc.
Maybe examples of low-frequency losses with commendable severity and costs
involved.
Following diagrams demonstrates this:
Here the verticle axis represents the frequency of loss event and the horizontal axis
represents the severity (cost) of loss.
In private dwelling houses, the incidence of theft is quite high, but the losses are all
small clandestine thefts.
What is demonstrated here is this that as the number of incidence or frequency goes
up the severity comes down and as the frequency comes down the severity increases.
This position is also supported by a well-known study referred to as Heinrich
Triangle.
This was done with regard to industrial injury cases which revealed that the number of
major bodily injuries to workmen emanating from industrial accidents is much less as
opposed to minor bodily injuries or no injuries at all.
The study was made of workers employed in various industries. The object was to
find out the number of bodily injuries arising out of industrial accidents and their
severity.
The study revealed that for each major injury there were relatively 30 minor injuries
and in 300 incidents there was no injury at all:
This is the normal behavioral pattern of most of the risks.
However, a typical scenario may emerge in rare cases where with the increase in
frequency the severity also increases as demonstrated in the following diagram:

Here as the frequency becomes higher and higher the severity also goes higher and
higher.
These are normally very high valued risks such as Petro-chemical, Aeroplanes, and
Ships etc.
To complete the study of the meaning of risk an understanding of peril and hazard is
important.
Spreading Risk of Insurance

Risk refers to the probable disadvantageous,

undesirable or unprofitable outcome of a fortuitous event, an event which is not
desired, but nevertheless taking place.
In business or personal life, no one cannot avoid the risk and uncertainty it may bring.
So one should use one or more methods to hedge himself against it.
The following methods may be usually considered:
Risk Avoidance
This involves the selection of those business activities only which involve the
minimum amount of risks.
Examples;

 Buying a property or business in order to not take on the liability that comes
with it.

 Not flying in order to not take the risk that the airplane was to be hijacked.

 Not to visit border areas at the time of war tensions.

 Avoid manufacturing and marketing a product of which patent/copyright is

doubtful.

Risk Prevention
This can be done by eliminating the cause of loss and protecting loss of things or
persons exposed to damage or injury and minimizing the loss when it at all occurs,
Risk Assumption
This refers to the individual or firm assuming the risk itself and bearing the ensuing
uncertainty. This is also known as Self-insurance. It may be due to ignorance or by
choice particularly when the risk is so remote that any step taken to minimize or
eliminate it would be considered uneconomical.
Risk Distribution
This involves spreading risk by means of group sharing such as partnership or
company form of business organization.
Hedging and Neutralization
This involves offsetting loss from the occurrence of a risk by a compensating gain
from another activity.
Elimination of Risk
It is illogical to spread risks that can be eliminated entirely and much efforts are
usually made by the business community to improve their equipment and methods of
working so that any unnecessary element of risk is avoided.
However, improvement in the system necessitates extra expenditure and this will be
justified so long the potential loss is reduced by a greater sum than the potential cost.
Read: Financial Statements Paints a Picture of a Companies Financial Situation
Risk Transfer
This refers to one person guaranteeing another against the risk of loss. Insurance is the
form of risk transfer as such.
Save and except the last item as hereinabove mentioned pertaining to ’’risk transfer”,
it would be observed that the means of risk spreading so far considered involve a
sharing not only of the risk but also of the management and profits of the business.
Insurance differs from this sort of risk sharing in that it isolates risk- It may be
expressed as a fund into which each member- insured puts a contribution known as
premium commensurate with the risk he introduces.
The insurers manage the fund, pay claims and if possible make a reasonable profit in
return for their expertise.
The members of the fund are thus only bound together in their desire jointly to
provide against a possible risk to which all are exposed. In no way have they joined
together their separate business operations.
In isolating the risk one thing is to be kept in mind always which is this that
speculative risks are beyond the scope of insurance.
Actually, the control and management of pure risks which is dealt with by insurance
technique is the risk management from an insurance point of view and this is within
the scope of insurance.
Pure Risk – 3 Types of Pure Risks
Pure risks are types of risk where no profit or gain is possible and only full loss,
partial loss or break-even situation are probable outcomes. There are three types of
pure risk.
The result is always unfavorable, or may be the same situation (as existed before the
event) has remained without giving a birth to a profit (or loss). Pure risk is a situation
that holds out only the possibility of loss or no loss or no loss.
For example, if you buy a new Samsung Note 7, you face the prospect of the book
being stolen or not being stolen and no profit from this situation.
There is only the prospect of loss or no loss, and no prospect of gain or profit under
pure risk.
So, Pure risks are those risks where the outcome shall result in loss only or at best a
break-even situation. We cannot think about a gain-gain situation.

Types of Pure Risks are;

1. Personal risks.

2. Property risks.
3. Liability risks

Since pure risks are generally insurable, the discussion on risk is skewed towards
pure risks only.
1. Personal Risks
These are the risks that directly affect the individual’s capability to earn income.
Personal risks can be classified into the following types:

 Premature Death: Death of the bread earner with unfulfilled or unprovided

financial obligations.

 Old Age: It refers to the risk of not having sufficient income at the age of
retirement or the age becoming so that mere is a possibility that the individual
may not be able to earn the livelihood.

 Sickness or Disability: The risk of poor health or disability of a person to earn

the means of survival. E.g. the possibility of damage to limbs of a driver due to an
accident.

 Unemployment: The risk of unemployment due to socio-economic factors

resulting in financial insecurity.

Read more: 7 Steps of Risk Management Process

2. Property Risks
These are the risks to the persons in possession of the property being damaged or lost.
The immovable like land and building being damaged due to flood, earthquake or fire,
the movables like appliances and personal assets being destroyed due to the fire or
stolen.
The losses may be direct or indirect/consequential.
Read more: 3 Types of Risk in Insurance
A direct loss implies the visible financial loss to the property due to mishappenings.
Whereas, the indirect ones are the losses arising from the occurrence of an incident
resulting in direct/physical damages or loss.
The loss to crops due to flood is a direct loss – the destruction of the growing power is
a consequential one.
3. Liability Risks
These are the risks arising out of the intentional or unintentional injury to the persons
or damages to their properties through negligence or carelessness.
Liability risks generally arise from the law. E.g. liability of the employer under the
workmen’s compensation law or other labor laws in India.
In addition to the above categories, risks may also arise due to the failure of others.
For example,
The financial loss arising from the non-performance or standard performance in a
contract – in engineering/ construction contracts.

Risk Management: 7 Steps of Risk Management

Process
The process of evaluating and selecting alternative regulatory and non-regulatory
responses to risk.
The selection process necessarily requires the consideration of legal, economic, and
behavioral factors.
Risk management is the decision-making process involving considerations of
political, social, economic and engineering factors with relevant risk assessments
relating to a potential hazard so as to develop, analyze and compare regulatory options
and to select the optimal regulatory response for safety from that hazard.
Essentially risk management is the combination of 3 steps:

1. risk evaluation,
2. emission and exposure control,

3. risk monitoring.

A systematic approach used to identify, evaluate, and reduce or eliminate the

possibility of an unfavorable deviation from the expected outcome of medical
treatment and thus prevent the injury of patients as a result of negligence and the loss
of financial assets resulting from such injury.’
Risk Management Definitions
 “Risk management is an integrated process of delineating specific areas or risk,
developing a comprehensive plan, integrating the plan, and conducting the ongoing
evaluation.”-Dr. P.K. Gupta

 “Risk Management is the process of measuring, or assessing risk and then

developing strategies to manage the risk.”-Wikipedia

 ‘Managing the risk can involve taking out insurance against a loss, hedging a
loan against interest-rate rises, and protecting an investment against a fall in
interest rates.”

 -Oxford Business Dictionary

 ‘Decisions to accept exposure or to reduce vulnerabilities by either mitigating

the risks or replying cost-effective controls’- Anonymous

The future is largely unknown. Most business decision-making takes place on the
basis of expectations about the future.
Making a decision on the basis of assumptions, expectations, estimates, and forecasts
of future events involve taking risks.
Risk has been described as the “sugar and salt of life”.
This implies that risk can have an upside as well as the downside.
People take a risk in order to achieve some goal they would otherwise not have
reached without taking that risk.
On the other hand;
Risk can mean that some danger or loss may be involved in carrying out an activity
and therefore, care has to be taken to avoid that loss.
This is where risk management is important, in that it can be used to protect against
loss or danger arising from a risky activity.
For proper control and management of risks, as insurers, we should always keep the
following in mind with regard to any project or subject-matter of insurance:

 What are the possible sources of loss?

 What is the probable impact of a loss should it at all occur?

 What should be done when a loss takes place? Should the loss be allowed to
enhance or something should be done to minimize it? The question of protection of
salvage in the best possible way and also the question of checking the future
possibility of such events should be considered.

 The probable expenditure or the economy of loss prevention, (it should be

remembered that any extra expenditure for loss prevention would be economically
justified so long the expenditure made is smaller than or at best equal to the savings
made by way of loss reduction.

As already mentioned, in insurance the risk is isolated from the whole business
venture and the pure risk portion of it is assumed entirely by a different group of
people of organization (insurer) in a most technical, expert and economic way.
This is possible only through the proper diagnosis of the risk in matters of finding out
the possible sources of loss and the impact of loss should it at all occur.
The question of minimizing a loss and preventing future causation of a loss should not
also lose sight of.
Keeping these factors in view would come up the question of properly rating a risk, as
this would be the basis of charging premium or price for running a risk. In this context
of risk management the ’’mathematical valuation of risk” is indeed important.
7 steps of risk management are;

1. Establish the context,

2. Identification,

3. Assessment,

4. Potential risk treatments,

5. Create the plan,

6. Implementation,

7. Review and evaluation of the plan.

The risk management system has seven(7) steps which are actually is a cycle.
1. Establish the Context
Establishing the context includes planning the remainder of the process and mapping
out the scope of the exercise, the identity and objectives of stakeholders, the basis
upon which risks will be evaluated and defining a framework for the process, and
agenda for identification and analysis.
2. Identification
After establishing the context, the next step in the process of managing risk is to
identify potential risks. Risks are about events that, when triggered, will cause
problems.
Hence, risk identification can start with the source of problems, or with the problem
itself.
Risk identification requires knowledge of the organization, the market in which it
operates, the legal, social, economic, political, and climatic environment in which it
does its business, its financial strengths and weaknesses, its vulnerability to unplanned
losses, the manufacturing processes, and the management systems and business
mechanism by which it operates.
Any failure at this stage to identify risk may cause a major loss for the organization.
Risk identification provides the foundation of risk management.
The identification methods are formed by templates or the development of templates
for identifying source, problem or event. The various methods of risk identification
methods are.
3. Assessment
Once risks have been identified, they must then be assessed as to their potential
severity of loss and to the probability of occurrence.
These quantities can be either simple to measure, in the case of the value of a lost
building, or impossible to know for sure in the case of the probability of an unlikely
event occurring.
Therefore;
In the assessment process, it is critical to making the best-educated guesses possible in
order to properly prioritize the implementation of the risk management plan.
The fundamental difficulty in risk assessment is determining the rate of occurrence
since statistical information is not available on all kinds of past incidents.
Furthermore;
Evaluating the severity of the consequences (Impact) is often quite difficult for
immaterial assets. Asset valuation is another question that needs to be addressed.
Thus, best-educated opinions and available statistics are the primary sources of
information.
Nevertheless, risk assessment should produce such information for the management of
the organization that the primary risks are easy to understand and that the risk
management decisions may be prioritized.
Thus, there have been several theories and attempts to quantify risks.
Numerous different risk formula exists but perhaps the most widely accepted formula
for risk quantification is the rate of occurrence multiplied by the impact of the event.
In business, it is imperative to be it’s to present the findings of risk assessments in
financial terms. Robert Courtney Jr. (IBM. 1970) proposed a formula for presenting
risks in financial terms.
The Courtney formula was accepted as the official risk analysis method of the US
governmental agencies.
The formula proposes calculation of ALE (Annualized Less Expectancy) and
compares the expected loss value to the security control implementation costs (Cost-
Benefit Analysis).
4. Potential Risk Treatments
Once risks have been identified and assessed, all techniques to manage the risk fall
into one or more of these four major categories;

1. Risk Transfer: Risk Transfer means that the expected party transfers whole or
part of the losses consequential o risk exposure to another party for a cost. The
insurance contracts fundamentally involve risk transfers. Apart from the insurance
device, there are certain other techniques by which the risk may be transferred.
2. Risk Avoidance: Avoid the risk or the circumstances which may lead to losses
in another way, Includes not performing an activity that could carry risk. Avoidance
may seem the answer to all risks, but avoiding risks also means losing out on the
potential gain that accepting (retaining) the risk may have allowed. Not entering a
business to avoid the risk of loss also avoids the possibility of earning the profits.

3. Risk Retention: Risk retention implies that the losses arising due to a risk
exposure shall be retained or assumed by the party or the organization. Risk
retention is generally a deliberate decision for business organizations inherited with
the following characteristics. Self-insurance and Captive insurance are the two
methods of retention.

4. Risk Control: Risk can be controlled either by avoidance or by controlling

losses. Avoidance implies that either a certain loss exposure is not acquired or an
existing one is abandoned. Loss control can be exercised in two ways.

5. Create the Plan

Decide on the combination of methods to be used for each risk. Each risk
management decision should be recorded and approved by the appropriate level of
management.
For example,
A risk (concerning the image of the organization should have top management
decision behind it whereas IT management would have the authority to decide on
computer virus risks.
The risk management plan should propose applicable and effective security controls
for managing the risks.
A good risk management plan should contain a schedule for control implementation
and responsible persons for those actions.
The risk management concept is old but is still net very effectively measured.
Example: An observed high risk of computer viruses could be mitigated by acquiring
and implementing antivirus software.
6. Implementation
Follow all of the planned methods for mitigating the effect of the risks.
Purchase insurance policies for the risks that have been decided to be transferred to an
insurer, avoid all risks that can be avoided without sacrificing the entity’s goals,
reduce others, and retain the rest.
7. Review and Evaluation of the Plan
Initial risk management plans will never be perfect.
Practice, experience, and actual loss results will necessitate changes in the plan and
contribute information to allow possible different decisions to be made in dealing with
the risks being faced.
Risk analysis results and management plans should be updated periodically. There are
two primary reasons for this;

1. To evaluate whether the previously selected security

controls are still applicable and effective, and,

2. To evaluate the possible risk level changes in the business

environment. For example, information risks are a good example of the
rapidly changing business environment.