The role of risk management has been evolving in recent years. Organizations are coming to recognize that traditional risk management practices need to be expanded given today's business conditions and the effects of some key wide-scale disasters. This provides significant growth potential for those who can expand their horizons beyond the traditional risk management model. Recent crises have demonstrated the need for a high level, systematic approach to risk management that goes beyond scope of individual business units. There is an absolute need to integrate risk management into the strategic management planning and decision-making processes.
The term "risk management" is used in a wide variety of contexts. The banking world refers to risk management dealing with their concern for borrowers who may default on loans. Physicians refer to risk management in the context of treating their patients. This paper is focused on safety professionals, who view traditional risk management as including purchasing insurance, managing contracts and contract language, managing insurance claims, and directing risk control efforts. The goal is to minimize the effects of accidental losses for insurable events through financing, indemnification or hold-harmless clauses, claim handling, or risk control. Traditional risk management departments handle workers' compensation, general liability, automobile liability, and property claims.
For insurance professionals, the most common risk management definitions are taken from the Insurance Institute of America (IIA) Associate in Risk Management (ARM) series (IIA 4-5). There is a definition for risk management as a managerial or administrative process and another for risk management as a decision-making process.
"Risk management as a managerial or an administrative process is defined as a process that includes the four functions of planning, organizing, leading, and controlling the organization's activities to minimize the adverse effects of accidental and business losses on that organization at reasonable cost."
"Risk management as a decision-making process is a sequence of the following five steps:
Identifying and analyzing exposures to accidental and business losses that might interfere with an organization's basic objectives
Examining feasible alternative risk management techniques for dealing with those exposures
Selecting the apparently best risk management techniques
Implementing the chosen risk management techniques
Monitoring the results of the chosen techniques to ensure that the risk management program remains effective"
The first definition above, from the 1997 edition of the book, clearly includes "business losses" and "at reasonable expense". These phrases were added to an earlier definition to emphasize that risk management applies to a more broad scope than traditionally considered.
Traditional risk management is described by George L. Head: "In many organizations, risk management as a function is limited to only threats of loss. Relatively few organizations currently consider opportunities for possible gains to be made within the scope of risk management. Indeed, many 'traditional' risk managers avoid any opportunities to become involved in making decisions about opportunities for gain so they would not be accused of trying to step beyond the proper scope of their authority.
