Approaches to Risk Management

There is a common misconception about risk management that the goal of risk management is to completely eliminate the risk from a business. This is not really true because the elimination of risk is practically impossible. Instead, the goal of risk management is to first ensure that the organization has a clear picture of the level of risk that they are willing to undertake and then ensuring that the risk remains within those limits.

There are different approaches to risk management which result in different types of outcomes for the organization involved. Hence, the organization has to choose which approach it wants to follow. The types of approaches commonly followed have been mentioned in this article.

Risk and Returns

If you ask the management of an organization whether they want to reduce the risk in their company, the answer, most probably, will be an emphatic yes! However, it needs to be understood that risk management does not work in a silo. There is a clear and direct relationship between risk and reward. Hence, if a company wants to minimize risks, there is a high chance that they will end up minimizing the rewards as well. This is where things get tricky!

There are certain organizations that want to grow at a fast pace. Hence, by definition, they should be taking more risks so as to allow the organization to achieve faster growth. Companies need to be aware of this relationship between risk and reward. Having a policy of risk minimization and reward maximization can be inconsistent and can create negative outcomes.

Approaches to Risk Management

The approaches commonly followed in the risk management process have been detailed below:

1. Risk Avoidance: The most basic strategy is called risk avoidance. Under this approach, the company avoids taking on risks as much as possible. However, this strategy is not viable for many companies. This is because most activities have a certain amount of risk attached. Hence, if a company simply tries to avoid taking risks, it would have to drastically reduce the scope of its activities. The end result of this approach is that there is very little incentive for any activity to take place.

2. Diversification: Diversification is one of the oldest and most basic strategies in risk management. Under this approach, the company deliberately tries to engage in business activities that are very different from one another. Since the activities are very different from one another, they generally do not experience adverse business events at the same time. The end result is that if some activities are facing a negative outcome, the others automatically face a positive outcome and the overall results are stabilized. The problem with this policy is that there it cannot be applied everywhere. It can only be applied in conglomerates that operate in diverse businesses.

3. Risk Transfer: Another way to manage risks is to transfer risk to an external party. There are many external parties such as insurance companies who are willing to assume risks in return for a fee. However, insurance policies cannot be found for every risk. This is also where derivatives come into play.

   Derivatives are financial instruments where the underlying cash flow changes based on the occurrence of certain risky events. Derivatives help companies to contractually transfer their risk to outside parties. It is important to realize that in these cases, the risk is not completely eliminated. The company still faces counterparty risk i.e. the risk that the counterparty will not pay up in case an adverse event takes place.

4. Risk Retention: Risk retention is a strategy under which, the company decides to retain the risk on its books. This policy may be the result of the high cost of the transfer. Alternatively, it could also be because the company is very confident of its internal controls.

   Companies that have a good operational risk control process in place tend to retain risks. This is because they are confident that they will be able to manage the impact of the risk on their own. However, it is important for a company to have a strong cash flow in place so that it can wither any shocks which may arise as a result of not transferring risks.

5. Risk Sharing: There are hybrid approaches to risk management as well. Under these approaches, the company faces the consequences of risk up to a certain threshold level. Once the threshold level is breached, the risk gets transferred to an external party. The idea here is to make risk management cost-effective. The company may be able to bear the smaller losses. However, it will get help in the event of catastrophic losses.

   Since catastrophic losses are less likely, the premium to be paid for transferring these risks is less. Risk-sharing can be used as an effective strategy to obtain wider coverage at a lower cost.

6. Loss Control: This strategy is used by organizations that have a certain amount of liquid assets on hand. They tend to hold on to the assets till a certain predefined threshold is reached. This threshold is often called the “stop-loss” point.

   Once the threshold is reached, there are automatic orders in place to sell the assets and minimize the loss. The idea behind this strategy is to ensure that assets are not sold at minor valuation differences. However, when a significant drop in valuation is detected, assets must be sold in order to minimize the losses.

The bottom line is that the same risk can be handled in different ways based on the underlying policy of the firm. It is important to create a policy based on the different approaches mentioned above.