Risk Management
Risk = uncertainty about future events. Every managerial action raises the possibility of positive or negative outcomes. Risk management is therefore essential — firms devote substantial resources to recognizing potential risks and positioning themselves to make the best decisions about them.
How It Appears Per Course
ADMN 201
Risk management is one of the four core responsibilities of the FinancialManager. The chapter treats it as a systematic, ongoing process — not a one-time fix.
Two Types of Risk
| Type | Definition | Example |
|---|---|---|
| Speculative risk | A gain or a loss is possible | Investing in a new market; launching a new product |
| Pure risk | Only a loss (or no loss) is possible — there is no chance of gain | Fire destroys a building; a lawsuit; a flood |
Risk management focuses more on pure risks — the kind you want to minimize or transfer. Speculative risks are accepted as part of doing business.
The 5-Step Risk Management Process
flowchart TD A["Step 1: Identify Risks\n& Potential Losses"] --> B["Step 2: Measure Frequency\n& Severity of Losses"] B --> C["Step 3: Evaluate Alternatives"] C --> D["Step 4: Implement the\nRisk Management Program"] D --> E["Step 5: Monitor Results"] E -->|"Ongoing — risks change\nas the business evolves"| A C --> C1[Risk Avoidance] C --> C2[Loss Prevention\n& Control] C --> C3[Risk Retention\nSelf-Insurance] C --> C4[Risk Transfer\nBuy Insurance]
(diagram saved)
Step 1: Identify Risks and Potential Losses
Catalogue every source of risk the firm faces. Categories include:
- Operational: equipment failure, supply chain disruption, workplace injuries
- Financial: interest rate changes, foreign exchange exposure, credit risk
- Legal/compliance: lawsuits, regulatory changes, contract disputes
- Environmental/external: natural disasters, pandemics, reputational damage
- Cybersecurity: data breaches, ransomware
Step 2: Measure Frequency and Severity
For each identified risk, assess:
- Frequency: How often does this type of loss occur?
- Severity: How large are the losses when they occur?
A risk that is both frequent and severe demands immediate attention. A risk that is rare and minor may be accepted without action.
| Low Severity | High Severity | |
|---|---|---|
| High Frequency | Manage/control aggressively | Priority — avoid or transfer |
| Low Frequency | Self-insure or accept | Transfer via insurance |
Step 3: Evaluate Alternatives
Four main risk management strategies:
| Strategy | Description | Example |
|---|---|---|
| Risk avoidance | Stop doing the activity that creates the risk entirely | Stop offering a product line that has high liability exposure |
| Loss prevention & control | Reduce the likelihood or severity of losses | Install sprinklers, safety training, quality controls |
| Risk retention (self-insurance) | Accept the risk and pay for losses out of the firm’s own resources | Set aside a reserve fund for small, predictable losses |
| Risk transfer | Shift the financial consequences to a third party | Buy insurance; use contracts to pass risk to suppliers |
Most firms use a combination of all four strategies depending on the type and severity of risk.
Step 4: Implement the Risk Management Program
Select the appropriate tools and put them in place. For risk transfer, this means:
- Selecting an insurance company
- Purchasing the right policies (property, liability, health, etc.)
- Ensuring coverage matches the risks identified in Steps 1 and 2
Step 5: Monitor Results
Risk management is ongoing, not a one-time exercise. New risks emerge as:
- Customers, products, and markets change
- New regulations are introduced
- New types of insurance become available
- The firm expands into new areas
Managers must continually re-evaluate risks, update methods, and revise programs.
Why Risk Management Matters
According to a survey of 600 executives by Toronto-based Watson Gardner Brown, risk management and compliance roles are the most difficult to staff — demand has skyrocketed following corporate scandals and securities market meltdowns. Institutional investors now demand rigorous risk oversight before entrusting funds to an organization.
Key Points for Exam/Study
- Risk = uncertainty about future events
- Speculative risk: gain or loss possible; Pure risk: only loss or no loss possible
- 5 steps: Identify → Measure (frequency + severity) → Evaluate alternatives → Implement → Monitor
- Four risk handling strategies: avoidance, loss prevention/control, retention (self-insurance), transfer (insurance)
- Step 5 (monitoring) loops back to Step 1 — it’s a cycle, not a linear process
- Risk management is one of the four responsibilities of the financial manager
Cross-Course Connections
FinancialManager — risk management is one of the four core responsibilities
SecuritiesMarkets — margin trading and short sales create speculative risk; meme stocks example
InvestmentVehicles — mutual fund vs ETF vs hedge fund choices involve risk-return tradeoffs
Open Questions
- How does a firm quantify the cost of risk avoidance vs. transferring risk via insurance?
- What is enterprise risk management (ERM), and how does it differ from departmental risk management?
Cross-course: Causation-RiskManagement — PHIL 252 causal reasoning tools applied to risk identification and measurement Cross-course: SelectionBias-SecuritiesMarkets — selection bias corrupts risk data and fund performance comparisons