Reading-Materials-3-Enterprise-Risk-Management

LESSON 3 CORE ELEMENTS OF RISK MANAGEMENT PROCESS

The key elements of a risk management program include:

1. Process

2. Integration

3. Culture

4. Infrastructure

These elements of a risk management program are flexible. They have to be, because strategies, organizational structures, operating philosophies and risk profiles vary in complexity across industries and firms. This article describes the steps in the process — your job is to put them into action as soon as possible.

Step One: Identify Risk

An enterprise risk assessment process identifies and prioritizes a company’s risks, providing quality inputs to decision makers to help them formulate effective risk responses, including information about the current state of capabilities around managing the priority risks.

Risk assessment spans the entire organization, including critical business units and functional areas. Effectively applied using business strategy as a context, risk assessment considers attributes such as: Impact

Likelihood

Velocity

Persistence

Step Two: Source Risk

Once priority risks are identified, they are traced to their root causes. If management understands the drivers of risk, it is easier to design risk metrics and proactive risk responses at the source. Will this step present challenges? Almost certainly. Overcoming them is key to success.

Step Three: Measure Risk

There is an old adage that says, “If you can’t measure something, you can’t manage it.” Because not all risks are quantifiable, increasing transparency by developing quantitative and qualitative risk measures is common practice.

Measurement methodologies may be simple and basic. Here are some examples of how to measure risk: Risk rating or scoring

Claims exposure and cost analysis

Sensitivity analysis

Stress testing

Tracking key variables relating to an identified exposure

More complex methodologies for companies with more advanced capabilities could differ — and might be more complicated. But remember: ignoring risk won’t make it go away. Other risk management methodologies might include analyzing these complex factors:

Earnings at risk

Rigorous analytics that are proprietary to the company

Risk-adjusted performance measurement

Examining value at risk

Step 4: Evaluate Risk

Based on the priority risks identified, their drivers or root causes and their susceptibility to measurement, the next step requires that management choose the appropriate risk response.

There are four categories of risk responses:

Avoid

Accept

Reduce

Share

These responses can be applied to groups of related risks consisting of natural families of risks that share fundamental characteristics (like common drivers, positive or negative correlations, etc.) consistent with a portfolio view.

The organization first decides whether to accept or reject a risk based on an assessment of whether the risk is desirable or undesirable. A desirable risk is one that is inherent in the entity’s business model or normal future operations and that the company believes it can monitor and manage effectively. An undesirable risk is one that is off-strategy, offers unattractive rewards or cannot be monitored or managed effectively.

If an entity chooses to accept a risk, it can accept it at its present level, reduce its severity and/or its likelihood of occurrence (typically through internal controls), or share it with a financially capable, independent party (typically through insurance or a hedging arrangement).

Step 5: Mitigate Risk

Depending on the risk response selected, management identifies any gaps in risk management capabilities and improves those capabilities as necessary to implement the risk response. Over time, the effectiveness of risk mitigation activities should be monitored.

Step 6: Monitor Risk

Models, risk analytics and web-enabled technologies make it possible to aggregate information about risks using common data elements to support the creation of a risk management dashboard or scorecard for use by risk owners, unit managers and executive management.

Dashboard and scorecard reporting should be flexible enough to enable the design of reports to address specific needs, including reporting to the board of directors. Examples of dashboard reporting, which often features “heat maps” or “traffic light” indicators, are provided in the Application Techniques of the COSO Enterprise Risk Management Integrated Framework. Monitoring also includes activities of an internal audit function.

The purpose of the risk management process varies from company to company, e.g., reduce risk or performance variability to an acceptable level, prevent unwanted surprises, facilitate taking more risk in the pursuit of value creation opportunities, etc. Regardless of purpose, the good news is that a large body of knowledge on the risk management process is readily available so that companies can adopt a process view that best fits their circumstances.

What are Risk management standards?

Risk Management Standards set out a specific set of strategic processes which start with the overall aspirations and objectives of an organization, and intend to help to identify risks and promote the mitigation of risks through best practice. Standards are often designed and created by a number of agencies who are working together to promote common goals, to help to ensure that organizations carry out high-quality risk management processes.

What are Risk management standards like?

Risk management standards are like a guide to help ensure that risk management is carried out in a proper way. Standards usually include checkpoints and examples, to make it really easy for organizations to comply.

What is the purpose of Risk management standards?

Risk management standards have been designed so that those who must carry out risk management processes have a guide to help them to work. These standards help to provide an international consensus on how to deal with certain risks, and they offer best practice advice on how to deal with others. Risk management standards help organizations to implement strategies which are tried and tested, and proven to work.

What are the different types of Risk management standards?

The ISO 31000 risk management standards framework includes:

ISO 31000:2009 – Principles and Guidelines on Implementation

ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques

ISO Guide 73:2009 – Risk Management – Vocabulary

These ISO standards are designed to help guide organizations with a number of different strands of risk management.

As well as the popular ISO standards, FERMA has also produced its own risk management standard, which offers guidance for the whole processes, from identifying risks, right through to transferring some of that risk to another party.

What’s involved with accessing Risk management standards?

Risk management standards are produced by a number of different organizations worldwide. In order to access their risk management standards, you will have to visit the websites of these associations, or get in contact with them some other way. For example, the FERMA risk management standards are available on the FERMA website, and have been translated into a number of different languages, for ease of access.

Complying with some standards can earn an organization an accreditation.

Where do Risk management standards fit into the risk management process?

Risk management standards are usually introduced at the beginning of the risk management process, as they offer guidance on how to best complete the process. They may also be considered when looking at existing risk management processes, as they can be used to assess whether the strategies are sufficient.

How do Risk management standards impact on managing organizational risk? Risk Management standards impact on the ways which risk management processes are created and implemented. They offer guidance on setting the context of the strategies, as well as providing ideas about what should and should not be implemented as part of the risk management strategy. Many standards provide advice on how to best to quantify and classify risk.

What terms are used in Risk management standards?

Standard – a rule or principle which is used as the basis for judgment of the risk management process, a series of checkpoints which an organization should strive to achieve.

Risk – a potential consequence of an action. In recent developments in risk management, a risk can now be considered to be a negative or a positive consequence. A risk may or may not occur. Management – the strategies which are implemented in an attempt to combat potential risk.

What are Risk management tools and techniques?

Risk management tools and techniques are the things and ideas which are used to help to control risk in a company. They can help an organization to identify, evaluate, reduce or remove risk, so that these risks will not have as much of a potential impact onto that organization. Tools and techniques may be formal or informal.

What are Risk management tools and techniques like?

Risk management tools and techniques are like kitchen utensils. Without good kitchen utensils and the right baking techniques, it can be hard to bake a really good cake. For instance, without a whisk and the right egg white whisking technique, it can be very hard to make a great meringue. Without the right tools and techniques, it is highly likely that your attempts at risk management will fall flat!

What is the purpose of using Risk management tools and techniques?

The purpose of risk management tools and techniques are to give organizations a good way to create the best possible risk management strategy. Tools and techniques draw upon best practice to help to create guidelines and tricks which can help to make the risk management process much easier to complete.

What are the different types of Risk management tools and techniques?

Flowchart – A flowchart can be used to help to guide an organization through all of the main steps of risk management.

Checklist – A checklist can include step-by-step guides and tick boxes to help to ensure that everything has been done correctly and on time.

Standards – Standards are formal techniques of risk management which have been created to encourage best practice. Completing standards may help to gain an organization an accreditation.

SWOT Analysis – Creating one of these diagrams can help an organization to analyze potential risks as well as potential opportunities.

Data Gathering – Finding quantifiable data which can be used to show risk and risk probability. What’s involved with selecting a Risk management tool and technique?

The risk management tool or technique which is selected can depend on the mission statement of the organization, or the risk which is being addressed. Some techniques will not work when used to confront certain risks, whereas others will work particularly well. It is a good idea to choose techniques based on precedence. Some tools and techniques are specifically designed to help to identify risk, whereas other tools are designed to reduce or remove risk. The tool should therefore be used at the right stage of the process.

Where does selecting Risk management tools and techniques fit into the risk management process? Risk management tools and techniques are usually chosen after setting the context. Tools and techniques can be used to identify and evaluate risk, and these tools are usually chosen directly after the context has been set. Tools which are designed to address risk are usually chosen once the risk has been identified.

How do Risk management tools and techniques impact on managing organizational risk? The tools which are chosen can have a negative or a positive impact upon managing organizational risk. If you choose the correct tools and techniques, it will be much easier for you to monitor and prevent risks, however if you choose the wrong tools and techniques, you could inadvertently make the whole process much more complicated than it needs to be.

.

What terms are used in Risk management tools and techniques?

Risk – A problem which may occur

Tool – Something which can be used to help to complete an action or process

Technique – A method which can be used to do something well.

LESSON 4 CATEGORIES OF RISK

Risk categories can be defined as the classification of risks as per the business activities of the organization and provides a structured overview of the underlying and potential risks faced by them. Most commonly used risk classifications include strategic, financial, operational, people, regulatory and finance.

Uses of categories of risk

1. Risk categories help identify risks and enable them to become robust and practical at the same time. 2. It ensures that the users can track the origin of the underlying and potential risks faced by an organization. 3. These categories help determine the efficiency of the control systems implemented in all the departments of an organization.

4. It ensures that risk identification is made comprehensively, covering all the probable aspects of the underlying and upcoming risk conditions.

5. With these categories, users can determine the areas that are highly prone to risks, and it even allows in the identification of standard and probable causes.

6. With risk categories, users can even develop appropriate risk dealing mechanisms.

How to Identify Categories of Risk?

An organization must scrutinize its process assets to find out if the same has a defined set of risk categories or not. The users can make use of techniques like the Delphi technique, SWOT analysis, documentation reviews, information gathering techniques, brainstorming, root cause analysis, interviewing, assumption analysis, checklist analysis, risk register, outputs of risk identification, impact matrix, risk data quality assessment, simulation technique, etc.

Top 15 Risk Categories

#1 – Operational Risk

Operational risks can be defined as the risks of loss arising from improper implementation of processes, external issues (weather problems, government regulations, political and environmental pressures, and so on), etc. Operational risks can be better understood as a type of risk due to inefficiencies in business operations carried out by an organization. Examples of operational risks are insufficient resources, failure in resolving conflicts, etc.

#2 – Budget Risk

Budget risk can be defined as a risk that arises from an improper estimation of a budget allocated to a particular project or process. Budget risk is also regarded as cost risk, and the implications of such a risk are delay in the completion of a specific project, pre-mature handover of the project, failure to deliver the quality project or compromise in the quality of the project in comparison to what was committed to the client, etc.

#3 – Schedule Risk

When the release or completion of the project is not assessed and addressed correctly, the schedule risk takes place. Such a risk can impact a project and might even be the reason behind the failure of the same and, thus, can result in losses for the company.

#4 – Technical Environment Risk

Technical environment risk can be regarded as the risk concerning the environment in which both the customers and the clients operate. This risk can take place due to the testing environment, regular fluctuations in production, etc.

#5 – Business Risk

Business risks can occur due to the unavailability of a purchase order, contracts in the initial stage of a particular project, delay in the attainment of inputs from clients and customers, etc.

#6 – Programmatic Risk

These are the risks that are not within the control of a program or outside the purview of the operational limits. Changes in product strategy or government regulations are examples of programmatic risks.

#7 – Information Security Risk

Information security risks are concerned with the breach of the confidentiality of a company’s or clients’ sensitive data. The violation of such data can be a huge risk for an organization, and it might not just cause financial losses but also result in loss of goodwill of the same.

#8 – Technology Risk

Technology risks occur due to sudden or complete change concerning technology or even the installation of new technology.

#9 – Supplier Risk

Supplier risks take place in a scenario where there is third-party supplier interference in the development of a particular project owing to his association in the same.

#10 – Resource Risk

Resource risk occurs due to improper management of a company’s resources such as its staff, budget, etc. #11 – Infrastructure Risk

Infrastructure risk takes place as a result of inefficient planning concerning infrastructure or resources, and that is why it is always essential to have appropriate planning of infrastructure so that the project does not get impacted.

#12 – Technical and Architectural Risk

Technical and architectural risk are such type of risk that fails overall functioning and performance of an organization. These risks arise out of the failure of software and hardware tools and equipment that are taken into use in a particular project.

#13 – Quality and Process Risk

Quality and process risk occurs due to improper application of customizing a process and hiring of staff to the process that is not well trained and as a result of which the outcome of a process gets compromised.

#14 – Project Planning

Project planning risks are such risks that arise out lack of proper planning concerning a project. This lack of project planning can cost the project to sink and fail to meet the expectations of the clients as well.

#15 – Project Organization

Project organization is another risk associated with the improper organization of a particular project. This lack of project organizing can cost the project to sink and fail to meet the expectations of the clients as well.

Political risk indicates the commencement of risk arises due to change in the governing body of a country and therefore poses a risk to the investors who have investments in financial instruments like debt funds, mutual funds, equity, etc. Specific terms like corruption, terrorism, etc., related to the politics of a country may arise due to change in a political scenario, which further might result in a change in the regulations of the nation.

Political risk can also be termed as geopolitical risks that arise due to conflict between two countries. There can be hindrance across the businesses and finally slash the confidence level of the investors.

Types of Political Risks

Political uncertainty arises from the market place of the country. Several businesses surround the economy’s marketplace.

Change in government leads to a change in regulations and changes in business scenarios. For example, any change in the corporate tax rate by the ruling government can change corporate profits. There are certain legal aspects also which may challenge the way of doing business and lower profitability and enhance risks for the investors.

This risk may arise at any level, such as the national level, federal level, state level, etc. Thus, based on the scenarios, political risks can be divided into two types, such as macro risks and micro risks.

Financial risk is the possibility of losing money on an investment or business venture. Some more common and distinct financial risks include credit risk, liquidity risk, and operational risk.

Financial risk is a type of danger that can result in the loss of capital to interested parties. For governments, this can mean they are unable to control monetary policy and default on bonds or other debt issues. Corporations also face the possibility of default on debt they undertake but may also experience failure in an undertaking the causes a financial burden on the business.

Financial markets face financial risk due to various macroeconomic forces, changes to the market interest rate, and the possibility of default by sectors or large corporations. Individuals face financial risk when they make decisions that may jeopardize their income or ability to pay a debt they have assumed. Financial risks are everywhere and come in many sizes, affecting everyone. You should be aware of all financial risks. Knowing the dangers and how to protect yourself will not eliminate the risk, but it can mitigate their harm.

Understanding Financial Risks for Businesses

It is expensive to build a business from the ground up. At some point in any company's life the business may need to seek outside capital to grow. This need for funding creates a financial risk to both the business and to any investors or stakeholders invested in the company.

Credit risk—also known as default risk—is the danger associated with borrowing money. Should the borrower become unable to repay the loan, they will default. Investors affected by credit risk suffer from decreased income from loan repayments, as well as lost principal and interest. Creditors may also experience a rise in costs for collection of the debt.

When only one or a handful of companies are struggling it is known as a specific risk. This danger, related to a company or small group of companies, includes issues related to capital structure, financial transactions, and exposure to default. The term is typically used to reflect an investor's uncertainty of collecting returns and the accompanying potential for monetary loss.

Businesses can experience operational risk when they have poor management or flawed financial reasoning. Based on internal factors, this is the risk of failing to succeed in its undertakings.

Financial Risks for Governments

Financial risk also refers to the possibility of a government losing control of its monetary policy and being unable or unwilling to control inflation and defaulting on its bonds or other debt issues.

Governments issue debt in the form of bonds and note to fund wars, build bridges and other infrastructure, and to pay for its general day-to-day operations. The U.S. government's debt—known as Treasurys—is considered one of the safest investments in the world.

The list of governments that have defaulted on debt they issued includes Russia, Argentina, Greece, and Venezuela. Sometimes these entities only delay debt payments or pay less than the agreed-upon amount; either way, it causes financial risk to investors and other stakeholders.

Financial Risks for the Market

Several types of financial risk are tied to financial markets. As mentioned earlier, many circumstances can impact the financial market. As demonstrated during the 2007 to 2008 global financial crisis, when a critical sector of the market struggles it can impact the monetary wellbeing of the entire marketplace. During this time, businesses closed, investors lost fortunes, and governments were forced to rethink their monetary policy. However, many other events also impact the market.

Volatility brings uncertainty about the fair value of market assets. Seen as a statistical measure, volatility reflects the confidence of the stakeholders that market returns match the actual valuation of individual assets and the marketplace as a whole. Measured as implied volatility (IV) and represented by a percentage, this statistical value indicates the bullish or bearish—market on the rise versus the market in decline—view of investments. Volatility or equity risk can cause abrupt price swings in shares of stock.

Default and changes in the market interest rate can also pose a financial risk. Defaults happen mainly in the debt or bond market as companies or other issuers fail to pay their debt obligations, harming investors. Changes in the market interest rate can push individual securities into being unprofitable for investors, forcing them into lower-paying debt securities or facing negative returns.

Asset-backed risk is the chance that asset-backed securities—pools of various types of loans—may become volatile if the underlying securities also change in value. Sub-categories of asset-backed risk involve the borrower paying off a debt early, thus ending the income stream from repayments and significant changes in interest rates.

Financial Risks for Individuals

Individuals can face financial risk when they make poor decisions. This hazard can have wide-ranging causes from taking an unnecessary day off of work to investing in highly speculative investments. Every undertaking has exposure to pure risk—dangers that cannot be controlled, but some are done without fully realizing the consequences.

Liquidity risk comes in two flavors for investors to fear. The first involves securities and assets that cannot be purchased or sold quickly enough to cut losses in a volatile market. Known as market liquidity risk this is a situation where there are few buyers but many sellers. The second risk is funding or cash flow liquidity risk. Funding liquidity risk is the possibility that a corporation will not have the capital to pay its debt, forcing it to default, and harming stakeholders.

Speculative risk is one where a profit or gain has an uncertain chance of success. Perhaps the investor did not conduct proper research before investing, reached too far for gains, or invested too large of a portion of their net worth into a single investment.

Investors holding foreign currencies are exposed to currency risk because different factors, such as interest rate changes and monetary policy changes, can alter the calculated worth or the value of their money. Meanwhile, changes in prices because of market differences, political changes, natural calamities, diplomatic changes, or economic conflicts may cause volatile foreign investment conditions that may expose businesses and individuals to foreign investment risk.

Pros and Cons of Financial Risk

Financial risk, in itself, is not inherently good or bad but only exists to different degrees. Of course, "risk" by its very nature has a negative connotation, and financial risk is no exception. A risk can spread from one business to affect an entire sector, market, or even the world. Risk can stem from uncontrollable outside sources or forces, and it is often difficult to overcome.

While it isn't exactly a positive attribute, understanding the possibility of financial risk can lead to better, more informed business or investment decisions. Assessing the degree of financial risk associated with a security or asset helps determine or set that investment's value. Risk is the flip side of the reward. One could argue that no progress or growth can occur, be it in a business or a portfolio, without assuming some risk. Finally, while financial risk usually cannot be controlled, exposure to it can be limited or managed. Pros

Encourages more informed decisions

Helps assess value (risk-reward ratio)

Can be identified using analysis tools

Cons

Can arise from uncontrollable or unpredictable outside forces

Risks can be difficult to overcome

Ability to spread and affect entire sectors or markets

Tools to Control Financial Risk

Luckily there are many tools available to individuals, businesses, and governments that allow them to calculate the amount of financial risk they are taking on.

The most common methods that investment professionals use to analyze risks associated with long-term investments—or the stock market as a whole—include:

Fundamental analysis, the process of measuring a security's intrinsic value by evaluating all aspects of the underlying business including the firm's assets and its earnings.

Technical analysis, the process of evaluating securities through statistics and looks at historical returns, trade volume, share prices, and other performance data.

Quantitative analysis, the evaluation of the historical performance of a company using specific financial ratio calculations.

For example, when evaluating businesses, the debt-to-capital ratio measures the proportion of debt used given the total capital structure of the company. A high proportion of debt indicates a risky investment. Another ratio, the capital expenditure ratio, divides cash flow from operations by capital expenditures to see how much money a company will have left to keep the business running after it services its debt.

In terms of action, professional money managers, traders, individual investors, and corporate investment officers use hedging techniques to reduce their exposure to various risks. Hedging against investment risk means strategically using instruments—such as options contracts—to offset the chance of any adverse price movements. In other words, you hedge one investment by making another.

Strategic risks are risks that affect a company's business strategy or strategic objectives. These risks can be uncertainties or opportunities, and are normally the key matters that concern the board.

How to identify strategic risk?

The process of identifying strategic risk requires:

intimate knowledge of the company, including the company's operating market, and legal, social, political, and cultural environment

understanding of the company's strategic objectives

The process of identifying strategic risk culminates in specifying a series of risks that make up the company's risk profile.

What is a risk profile?

A risk profile is a view of all identified strategic risks.

Management and board members are often expected to decide on the aggregate level of risk to be taken by the company, as well as the amount of exposure to each type of risk the company handles. The risk profile illustrates the level and distribution of risk that a company retains.

Strategies for identifying strategic risk

There are many different strategies you can use to identify strategic risk.

Brainstorm in a group

Brainstorming involves a group of people working together to identify potential risks, failure modes, and hazards. Often these sessions involve discussions around risk causes and options for risk treatment. Brainstorming is a popular way to identify risk in addition to key controls.

Conduct a team-based exercise

Many companies conduct team-based exercises to get participants thinking about risks. SWIFT (Structured What If Technique) is a popular choice that involves a facilitator using a list of prompt phrases to encourage participants to identify risk.

Interview key stakeholders

You can conduct an interview with select people to ask others for their perspectives. Structured interviews are often used when designing the risk management framework, and involve consultations with key stakeholders. An interview is a good option if you need to assess risk appetite within the company.

Send out a survey

Similar to structured interviews, although involving a larger number of people, surveys can also be used to gather different perspectives on risk and control effectiveness. For example, if you want to assess a company's risk culture, you can send surveys to assess the internal control environment. Many companies send surveys on an annual basis to assess staff understanding of key risk and governance policies and procedures.

Use different types of analyses

There are a variety of analyses you can use to identify risk:

Insurance risks

Insurance risk is the risk of a change in value due to deviations between actual and expected insurance costs. This means the risk that actual outcome deviates from the expected outcome due to, for example, a higher claims frequency, larger average claims costs, one or more major claims or higher outcome of insurance costs compared with estimated provisions. Insurance risk primarily comprises premium and reserve level risk and disaster risk.

Premium risk

Premium risk is the risk of losses due to incorrect pricing, risk concentration, taking out wrong or insufficient reinsurance or a random fluctuation in the claim’s frequency and/or claims amount. The risk in the portfolio of the Group’s insurance operations is well-balanced and mainly comprises a large number of insurances with low, individual risks. Concentration risk in the overall portfolio is also considered to be low since the Group’s insurance portfolio is highly diversified in terms of both products and geography.

The Group manages and limits premium and disaster risk by the Board issuing policies regulating, for example, maximum retention and a framework for premium pricing. The Group carries out regular detailed reviews of premium pricing and continuously assesses the profitability of established insurance arrangements and changes in tariffs and premiums levels. To further limit premium and disaster risk, reinsurance has been taken out in the risk portfolios with a higher risk exposure to major and chain-reaction claims. Reinsurers are selected based on factors including expertise and financial position and comply with the policies established by the board of the insurance company. The Group continuously reviews the entire reinsurance program to ensure that all risks are covered as required.

Reserve level risk

Reserve level risk refers to the risk of variations in the time and amount of claims payments. Provisions for unearned premiums is intended to cover the expected claim costs and operating costs for the remaining term of valid insurance contracts. As compensation is only paid after a loss has occurred, it is also necessary to make provisions for claims outstanding. Technical provisions are the total of unearned premiums and unexpired risks and claims outstanding. Technical provisions always contain a certain degree of uncertainty as the provisions include an estimate of the size and frequency of future claim payments. The uncertainty of technical provisions is usually higher for new portfolios for which complete settlement statistics are not yet available and for portfolios in which final adjustment of claims takes place following a long period of time.

Solid Försäkring manages and minimizes reserve level risk by means of the Board’s policies on reserve level risk and technical provision risks and provisioning instructions that govern the calculation of technical provisions. The actuarial assumptions for determining the provisions for claims outstanding are based on historical claims and exposures that are known at the reporting date. The models used are clearly recognized actuarial models such as chain ladder or other loss development factor models. The outcome corresponds to a provision that covers the expected future payments for all claims incurred, even claims that have not yet been reported.

Provision for unearned premiums are calculated individually for each insurance contract. The computation uses experience-based factors, the starting point being how the claim costs are incurred over the period of insurance.

A straight-line (pro rata) earnings model is used for insurance risks with a term of 12 months or less. A provision for unexpired risks is made if the provision for unearned premiums is deemed to be insufficient to cover the company’s liabilities for the remaining terms of valid insurance contracts.

There is always some uncertainty associated with estimates of technical provisions. The estimates are based on facts relating to historical claims and assessments of future trends. Because the majority of the company’s claims are short-term in nature (for most portfolios, claims are concluded within 2 to 12 months from the claim date), the risk of negative developments due to factors such as future claims inflation is reduced.

The company’s Actuary function reports directly to the Board annually or more frequently in connection with the preparation of the annual accounts.

Disaster risk

A scenario in which the same event would generate claims on a large number of policies is considered unlikely as the insurance portfolio is well diversified. The company’s largest proportion of insurance is individual product insurance policies for consumer goods, which do not have any exposure to natural disasters, such as hurricanes, flooding, hail, earthquakes or subsidence.

6 Biggest Business Insurance Risks (and How to Mitigate Them)

These are the biggest insurance risks for small businesses that entrepreneurs should be aware of. Running a small business means exposing yourself to a certain amount of risk. You need safeguards in place to handle the fallout should problems occur. Although pitfalls and challenges can't be avoided, they can be mitigated with the proper precautions, planning, and insurance coverage. Below, insurance and legal experts share their thoughts on today's biggest insurance risks for business owners.

Business risk and insurance risk can be broken down into four subsets. By fully understanding the different types of business risk, you can better understand insurance risk and how insurance can protect your business from serious problems.

• Operational: Operational risk addresses your business's day-to-day dealings. That means handling equipment, workers, customers, and your overall product or service. By insuring tangible assets like equipment and property, you can mitigate risk. By protecting your business operations from outside events, like natural disasters, if the worst happens, you are covered.

• Strategy: Strategic risk occurs when your business's strategy is diluted or usurped by yourself or other businesses. By running a small business, you have to commit to a certain strategy for your product or service and stick to it. If competitors undermine your strategy by outperforming your product or service or undercutting your prices, you run the risk of falling behind in your industry. Research your competitors and understand how you can better protect your business.

• Compliance: Compliance risk pertains to your business's ability to adhere to certain rules and regulations outlined by your industry or the government. This includes things like tax burdens, municipal zoning and property laws, distribution laws, and other rules and regulations related to your business (e.g., HIPAA, good manufacturing practices, etc.). Eliminating compliance risk requires that you stay abreast of the latest rules in your industry and business. While you can't purchase insurance related to taxes and other forms of compliance risk, you should be aware of your obligations in staying informed and how your business could be at fault.

• Reputational: The final type of business risk is reputational. That means protecting your business from security problems, data privacy breaches and other cybersecurity issues. It also involves taking steps to protect your brand and logo. You can insure your business and customer data so in the event either is compromised, you are covered.

Types of insurance risk

Data breaches

Businesses across all industries have seen a huge increase in cybersecurity problems in recent years. Chris Roach, managing director and national IT practice leader of CBIZ Risk & Advisory Services, said data hacks have hit fast-food retailers and e-commerce businesses particularly hard. However, he added that every business that accepts credit cards should reevaluate and standardize its security practices to protect against fraudulent activity.

What to do: If you have a brick-and-mortar store, one of the most important things you can do is ensure that your credit card technology meets EMV standards to prevent fraud liability from falling onto your shoulders, Roach said. Every business should also review its compliance with Payment Card Industry Data Security Standards (PCI DSS), he said.

"Complying with PCI DSS protects a merchant against digital data security breaches across their entire payment network, not just a single card," Roach said. "Failure to comply can result in penalties and fines if a data breach does occur on your end."

Cyber insurance is also an important consideration for small businesses. Myles Gibbons, president of select accounts at Travelers, said that more than half of data breaches last year occurred in companies of 250 or fewer employees.

"Cyber coverage has grown increasingly important to all types of businesses and can help to protect them from the costs of data breach notification, remediation, card payment penalties, crisis management, and public relations," he said. [See related story: Small Business Insurance: What Do You Need?]

What Is Reputational Risk?

Reputational risk is a threat or danger to the good name or standing of a business or entity. Reputational risk can occur in the following ways:

Directly, as the result of the actions of the company itself

Indirectly, due to the actions of an employee or employees

Tangentially, through other peripheral parties, such as joint venture partners or suppliers In addition to having good governance practices and transparency, companies need to be socially responsible and environmentally conscious to avoid or minimize reputational risk.

The biggest problem with reputational risk is that it can literally erupt out of nowhere and even without warning. Reputational risk can pose a threat to the survival of the biggest and best-run companies and has the potential to wipe out millions or billions of dollars in market capitalization or potential revenues.

Understanding Reputational Risk

Reputational risk is a hidden danger that can pose a threat to the survival of the biggest and best-run companies. It can often wipe out millions or billions of dollars in market capitalization or potential revenues and can occasionally result in a change at the uppermost levels of management.

Reputational risk can also arise from the actions of errant employees, such as egregious fraud or massive trading losses disclosed by some of the world's biggest financial institutions. In an increasingly globalized environment, reputational risk can arise even in a peripheral region far away from home base.

In some instances, reputational risk can be mitigated through prompt damage control measures, which is essential in this age of instant communication and social media networks. In other instances, this risk can be more insidious and last for years. For example, gas and oil companies have been increasingly targeted by activists because of the perceived damage to the environment caused by their extraction activities.