Any organization, public or private, large or small, faces internal and external uncertainties that affect its ability to achieve its objectives. The effect of uncertainty on an organization’s objectives is “risk.” Risk management, commonly known in the business community as enterprise risk management (ERM), can provide for the structured and explicit consideration of all forms of uncertainty in making any decision. The overarching principle of ERM is that it must produce value for the organization. It is the culture, processes and structures that are directed towards taking advantage of potential opportunities while managing potential adverse effects.


Risk Identification

Any business exists in an atmosphere of perpetual change. Hence, the process of risk identification must be an ongoing one, and any failure in proper risk identification would result in passive retention of the risk by the company. One is required to be alert to changes in the environment and to react to them.

Risk Identification Information

Risk management requires the following information for identification of risks:

(a) Asset information such as the list of assets, their original cost, book value, replacement value etc.

(b) Process information regarding raw materials, process and nature of plant etc.

(c) Product information whether consumer products or industrial product, chances of liability etc.

(d) Liability information such as liability to its stakeholders.

Risk Evaluation/Measurement

The risk measurement process requires a mathematical approach and considerable data on past losses. The data available from the concern itself may not be adequate for an analytical exercise. Hence, it becomes necessary to resort to data on an industry basis, at national and sometimes even at international level. Risk evaluation includes the determination of:

(a) The probability or chances that losses will occur.

(b) The impact the losses would have upon the financial affairs of the firm should they occur.

(c) The ability to predict the losses that will actually occur during the budget period.

There are various statistical methods of quantifying risks. But the statistical methods are too technical and the risk manager then relies on his judgment. Risks are classified as modest, medium, severe etc. In either event, a ‘risk matrix’ can be prepared which essentially classifies the risks according to their frequency and severity.

Risk Handling

Firms are not entirely free to decide on how they shall handle their risks. In every country there are governmental and official regulations governing health and safety at work like fire precautions, hygiene, environmental pollution, food, handling of dangerous substances and many other matters relating to properties, personal injuries and other risks. The Central Government and State Governments have enacted compulsory insurance regulations (for vehicles and individuals). And in addition a firm may be obliged to insure certain risks under provisions of leases, construction and other contracts. Failure to comply with both safety and compulsory insurance regulations may constitute a criminal offence and may lead to the closure of a plant or other establishments. Thus, if a firm wishes to carry on certain activities it must comply with the relevant official risk handling regulations. There will remain, however, broad areas where it can exercise its own discretion to control physical or financial loss.

Risks can be handled broadly in four ways:

Risk Avoidance

It is a rare possibility to avoid a risk completely. A riskless situation is rare. Generally risk avoidance is only feasible at the planning stage of an operation.

Risk Reduction

In many ways physical risk reduction (or loss prevention, as it is often called) is the best way of dealing with any risk situation and usually, it is possible to take steps to reduce the probability of loss. Again, the ideal time to think of risk reduction measures is at the planning stage of any new project when considerable improvement can be achieved at little or no extra cost. The only cautionary note regarding risk reduction is that, as far as possible expenditure should be related to potential future saving in losses and other risk costs; in other words, risk prevention generally should be evaluated in the same way as other investment projects.

Risk Retention

It is also known as risk assumption or risk absorption. It is the most common risk management technique. This technique is used to take care of losses ranging from minor to major break-down of operation. There are two types of retention methods for containing losses as under:

(i) Risk retained as part of deliberate management strategy after conscious evaluation of possible losses and causes. This is known as the active form of risk retention.

(ii) Risk retention that occurs through negligence. This is known as the passive form of risk retention.

Risk Transfer

This refers to legal assignment of cost of certain potential losses to another. The insurance of ‘risks’ is to occupy an important place, as it deals with those risks that could be transferred to an organization that specializes in accepting them, at a price. Usually, there are 3 major means of loss transfer viz.,

→ By Tort

→ By contract other than insurance

→ By contract of insurance.

The main method of risk transfer is insurance. The value of insurance lies in the financial security that a firm can obtain by transferring to an insurer, in return for a premium, the risk of losses arising from the occurrence of a specified peril. Thus, insurance substitutes certainty for uncertainty. Insurance does not protect a firm against all perils, but it offers restoration, at least in part, of any resultant economic loss.

Implementation of Decision

The last step in the risk management process is the implementation of the decision. The Risk Manager should recommend to the Board or an organization various alternatives for tackling the risks and, after getting approval, initiate measures to implement the chosen one. A systematic approach to risk management requires an integration of different disciplines and holistic assessment techniques. It is desirable to have a generic approach to risk assessment that avoids compartmentalization or castling of risks.

ISO 31000, published as a standard on the 13th of November 2009, provides a standard on the implementation of risk management. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual." ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.

Hope useful to all.


Published by

Kannan Iyappan
(Company Secretary)