85 Rules of Risk Management

August 12, 2009

Photo credit: Dave Starrett

GENERAL

1.  An organization’s risk management program must be tailored to its overall objectives and should change when those objectives change.

2.  If you are in a “safe” business (relatively immune from depression, bankruptcy, or shifts in products markets), your risk management program can be more “risky” and less costly.

3.  Don’t risk more than you can afford to lose.

4.  Don’t risk a lot for a little.

5.  Consider the odds of an occurrence.

6.  Have clearly defined objectives that are consistent with corporate objectives that are consistent with corporate objectives.

7.  The risk management department as a user of services should award business on the basis of ability to perform.

8.  For any significant loss exposure, neither loss control nor loss financing alone is enough; control and financing must be combined in the right proportion.

RISK IDENTIFICATION MEASUREMENT

• Build The Risk Plan. Success Will Follow.
• 85 Rules of Risk Management
• Risk Perspectives
• Canada tops global threat list
• 2009 Terrorism Map (pdf)
• Risk Management: Values, Sample Mission Statement, Definition, Loss Checklist

Back to main page

9.  Review financial statements to help identify and measure risks.

10. Use flow charts to identify sole source suppliers or other contingent business interruptions exposures.

11. To more fully identify and assess risks, you must visit the plants and relate to operational people.

12. A reliable database is essential to estimate probability and severity.

13. Accurate and timely risk information reduces risk, in and of itself.

14. The risk manager should be involved in the purchase or design of any new operation to assure that there are not built-in risk management problems.

15. Be certain environmental risks are evaluated in mergers, acquisitions, and joint ventures.

16. Select hazardous waste contractors on their risk control measures and their financial stability or insurance protection.

17. Look for incidental involvement in critical risk areas (i.e., aircraft and nuclear products, medical malpractice, engineering design, etc.).

RISK CONTROL

18. Risk control works. It is cost effective and helps control local operating costs.

19. The first (and incontrovertible) reason for risk control is preservation of life.

20. A property conservation program should be designed to protect corporate assets – not the underwriter.

21. Be mindful that key plants and sole source suppliers may need protection above and beyond normal HPR requirements.

23. Quality control should not be a substitute for a full product liability control program. Quality control only assures that the product is made according to specifications, whether good or bad.

24. Most of the safety-related “standards” of governmental agencies should be considered as minimum requirements.

25. Duplicate and separately store valuable papers and back-up data processing media.

26. Avoid travel by several key executives in a single aircraft.

RISK FINANCING

27. Risk management should focus on two separate zones of risk relative to the maximum dollar loss the company can survive from a single occurrence:

• Below this level – optimize the use of insurance relative to current cost.
• Above this level – transfer risk (usually insurance) to maximum extent possible. Cost effectiveness is not a criterion in this zone; survival is.

28. An entity with an unlimited budget can benefit from adopting all risk management measures that have benefits to the entity with an expected present value greater than the expected present value of costs of those measures to that entity.

29. When, for budgetary or practical reasons, and entity must choose between mutually exclusive risk management measures, the entity should choose that measure which offers it the greatest excess of benefits over costs, when both benefits and costs are expressed as expected present values.

30. Competitive bidding that causes market disruption should be avoided.

31. Never depend solely on someone else’s insurance.

32. Retrospective rating plans of more than one year hamper flexibility.

33. A tax advantage should be considered a “plus” – not a principal reason for a risk financing decision.

34. Risk – taking presents an opportunity for economic gain.

CLAIMS MANAGEMENT

35. The risk manager should be notified immediately (within 24 hours) of major loss or potential loss.

36. Major liability claims should be reviewed for adequacy of investigation and accuracy of the reserve.

37. Be careful of local plant involvement in property and liability claims. Local personnel may be too defensive to properly review a major claim.

38. Request early advance payments on large property and business interruption losses.

39. Secure several estimates or an appraisal of self-insured vehicle physical damage losses.

40. Aggressive claims subrogation (insured and self-insured) reduces costs.

41. A claim and disability management program, directed toward getting the employee back to work as soon as possible, can save money even though the employee cannot do all phases of the job.

42. Periodically audit claims reserves of insurers and self-insurance administrators.

43. The best claim is closed claim.

INTERNATIONAL

44. Multinational organizations should step up to their international risk management responsibilities.

45. Establish a worldwide risk and insurance management program; don’t rely totally on a Difference in Conditions approach.

46. A combination of admitted and non-admitted insurance usually provides the best overall international program.

47. Avoid the use of long-term insurance policies overseas.

48. Be sensitive to and don’t underestimate nationalism when implementing a worldwide risk management program.

49. Don’t ignore local objections worldwide programs.

ADMINISTRATIVE

50. Establish a level of authority via management policy statement.

51. Prepare and universally distribute a Corporate Risk Management Manual.

52. Set up realistic annual objectives with your brokers, underwriters, and vendors and measure their accomplishments and results.

53. Verify the accuracy of all relevant information you receive.

54. Read every insurance policy carefully.

55. Keep program design simple.

56. Consolidate – where it makes sense to do so.

57. Develop record retention procedures.

58. Keep inter-company premium allocations confidential.

59. Establish administrative procedures in writing.

TECHNICAL

60. Insurance policy provisions should be uniform as to named insured, Notice and Cancellation clauses, territory, etc.

61. The Notice provision in all insurance policies should be modified to mean notice to a specific individual.

62. Primary policies with annual aggregates should have policy periods that coincide with Excess policies.

63. Joint loss agreements should be obtained from Fire and Boiler and Machinery insurers.

64. Add “Driver Other Car” protection to your corporate Automobile insurance.

65. Eliminate Coinsurance clauses.

66. Know the implications of and differences between “indemnity” and “pay on behalf of” Liability contracts.

67. Risks accepted under contracts are not necessarily covered under Contractual Liability coverage.

68. Add employees as insured to Liability contracts.  Use discretionary language to avoid defending hostile persons.

COMMUNICATION

69. All communication providing or requesting information should be expressed in clear, objective language, leaving no room for individual interpretation.

70. All communications and relationships should be conducted with due consideration to proprietary information.

71. Communicate effectively up and down and avoid management surprises.

72. Don’t tell senior management anything – ask them, counsel them, inform them.

73. Communicate in business language; avoid insurance jargon.

74. Obtain letters of intent or interpretations regarding agreements (coverage or administrative) that are outside of or in addition to actual insurance or Service contracts.  Never rely on verbal agreements.

75. The immediate supervisor to the risk management function should be educated in the principles of risk management.

76. Communicate every insurance exclusion and non-insurance implication to your management.

77. In competitive bidding situations, advise each competitor that the first bid is the only bid and stick to it.

78. Risk managers should meet with underwriters rather than relying totally on others for market communications.

PHILOSOPHICAL

79. The risk manager (and his corporation) should avoid developing the reputation of a “shopper” or market burner.” This reputation can be detrimental to the corporation’s best interests and the risk manager’s credibility.

80. Determine your personal level of risk aversion and temper intuitive judgments up or down accordingly.

81. Program design will always be a function of current practicalities tempered by management’s level of risk aversion.

82. Everyone is in business to make a fair profit.

83. Long-term, good faith relationships are not obsolete.

84. Integrity is not out of style.

85. Common sense is the most important ingredient in risk management.

Source: Harvard Aimes Group