By M. Abdullah Farooqui
Senior Manager, Corporate Services, PPL
Jan 03 - 16, 2000
Risk management may be defined as the minimisation of the adverse
effects of pure risks within a business. Pure risks can only result in a loss to the
organisation; whereas speculative risks may result in either gain or loss.
Within the context of a risk management programme, risk may be defined
as the chance of loss, and the programme is therefore geared to the safeguarding of the
organisation's assets, namely: manpower, materials, machinery, methods, manufactured
goods, and money.
The role of risk management in industry and commerce is to:
1. consider the impact of certain risky events on the performance of
2. devise alternative strategies for controlling these risks and/or
their impact on the organisation; and
3. relate these alternative strategies to the general decision
framework used by the organisation.
Inter-relationships and historical development
Before discussing the concept and approach of risk management in
detail, it is useful to examine the development of risk management and the
interrelationship between the various component disciplines. Such an examination
highlights the logical progression from one discipline to another, and also shows the
increased emphasis placed on the economic argument as the progression develops.
Safety in an industrial context may be defined as the
minimisation of contact between person and hazard, and is predominantly concerned with the
prevention of physical harm (injury) to an individual. Thus, the traditional approach to
safety has been inspired by humanitarian considerations, and spurred on by legal sanctions
without much recourse to the economic argument. Thus, safety was primarily concerned with
the prevention of serious or reportable injuries, and much effort was placed on
post-injury investigations, rather than on pre-accident prevention.
Gradually, however, it was realised that there was a need to examine
all injury accidents, irrespective of severity; and, also those accidents from which
injury did not result i.e. damage and near-miss accidents. This led to the
discipline known as loss prevention.
Loss prevention may be defined as the application of engineering
techniques in order to reduce the likelihood of accidents that could result in personal
injury; property damage; and the near-misses.
With the broadening of the data base to include a wider range of
accident situations, it became apparent that the next stage in the development was to
include any accident which resulted in a loss to the organisation.
Thus, areas such as fire prevention, security, health and hygiene,
pollution control, product liability, and business interruption were grouped together with
loss prevention to form the wider discipline of loss control.
Risk management (or risk reduction) may be defined as a management
system designed to reduce or eliminate all aspects of accidental loss that lead to a
wastage of an organisation's assets.
As the emphasis on the economic argument increased, the technique of
loss control has become more closely allied to financial matters, and in particular
The bringing together of insurance (risk transfer) and loss control
(risk reduction) was the final stage in the development of the new discipline of risk
This logical, progressive development from safety to risk management
may be presented in program form as:
Techniques of risk management
Risk management involves the identification, evaluation and economic
control of risks within an organisation.
Risk identification may be achieved by a multiplicity of techniques,
including physical inspections, management and worker discussions, safety audits, job
safety analysis, and Hazop studies. The study of past accidents can also identify areas of
Risk evaluation (or measurement) may be based on economic, social or
Economic considerations should include the financial impact on the
organisation of the uninsured cost of accidents, the effect on insurance premiums, and the
overall effect on the profitability of the organisation and the possible loss of
production following the issue of Improvement and Prohibition Notices.
Social and humanitarian considerations should include the general
well-being of employees, the interaction with the general public who either live near the
organisation's premises or come into contact with the discharges etc. and the consumers of the organisation's products or
services, who ultimately keep the organisation in business.
Legal considerations should include possible constraints from
compliance with health and safety legislation, codes of practice, guidance notes and
accepted standards, plus other relevant legislation concerning fire prevention, pollution,
and product liability.
The probability and frequency of each occurrence, and the severity of
the outcome including an estimation of the maximum potential loss will also
need to be incorporated into any meaningful evaluation.
Risk control strategies may be classified into four main areas: risk
avoidance, risk retention, risk reduction and, risk transfer.
This strategy involves a conscious decision on the part of the
organisation to avoid completely a particular risk by discontinuing the operation
producing the risk and it presupposes that the risk has been identified and evaluated.
For example, a decision may be made subject to employees' agreement, to
pay all wages by cheque or credit transfer, thus obviating the need to have large amounts
of cash on the premises and the inherent risk of a wages snatch.
Another example of a risk avoidance strategy from the health and
safety field would be the decision to replace a hazardous chemical by one with less or no
The risk is retained in the organisation where any consequent loss is
financed by the company. There are two aspects to consider under this heading: risk
retention with knowledge, and risk retention without knowledge.
a) With knowledge
This covers the case where a conscious decision is made to meet any
resulting loss from within the organisation's financial resources. Decisions on which
risks to retain can only be made once all the risks have been identified and effectively
b) Without knowledge
Risk retention without knowledge usually results from lack of knowledge
of the existence of a risk or an omission to insure against it, and this often arises
because the risks have not been either identified or fully evaluated.
The principles of risk reduction rely on the reduction of risk within
the organisation by the implementation of a loss control programme, whose basic aim is to
protect the company's assets from wastage caused by accidental loss.
The collection of data on as many loss producing accidents as possible
provides information on which an effective programme of remedial action can be based. This
process will involve the investigation, reporting and recording of accidents that result
in either injury or disease to an individual, damage to property, plant, equipment,
materials, or the product; or those near-misses where although there has been no injury
disease or damage, the risk potential was high.
The second stage of the development towards risk reduction is achieved
by bringing together all areas where losses arise from accidents whether fire,
security, pollution, product liability, business interruption etc., and
coordinating action with the aim of reducing the loss. This risk reduction strategy is
synonymous with loss control.
Risk transfer refers to the legal assignment of the costs of certain
potential losses from one party to another. The most common way of effecting such transfer
is by insurance. Under an insurance policy, the insurer (insurance company) undertakes to
compensate the insured (organisation) against losses resulting from the occurrence of an
event specified in the insurance policy (e.g. fire, accident, etc.).
The introduction of clauses into sales agreements whereby another party
accepts responsibility for the costs of a particular loss is an alternative risk transfer
strategy. However, it should be noted that the conditions of the agreement may be affected
by laws such as the Unfair Contract Terms Act 1977 of U.K and the interpretation placed on
Risk management in practice
The term 'risk management' refers to the process of reconciling the
conflicting demands of the various aspects of risk control. Where this occurs it is usual
for the person controlling the work the 'risk manager', to be a senior member of
management reporting to an executive director. He would co-ordinate the work of the
insurance, health and safety, fire, security, environmental and quality control
specialists. Liasion with outside bodies such as insurance brokers, Insurance companies,
Government Labour Inspectorate, Fire Prevention Officers, etc., is an important part of
the overall risk management activities, and should be actively encouraged.
The prime aim of a practical risk management programme is to provide a
cost-effective system designed to protect the resources of an organisation by controlling
the risks it faces.
Cost-effectiveness of risk management
The three fundamental arguments that may be employed to promote action
in the field of risk management concern the legal, humanitarian, and economic aspects.
For the vast majority of organisations, there will be few or no
quantitative data relating to the economic facets, and particularly to the costs
associated with accidents. In order to be able to demonstrate cost-effectiveness (or cost
benefit), there is therefore a need to be able to quantify the cost of all losses
associated with accidents.
To recapitulate one can say that as the size and complexity of
industrial sites is increasing and the human population is moving nearer, there is a
greater onus to manage risks. Risk Management involves knowing what are the risks, what is
their magnitudes and potential consequences, what is the appetite to absorb risks, what is
the practical and reasonable extent of controlling and retaining the risks, and what
should be the extent of transfer of risks to third party. Furthermore, that traditionally
various risks have been handled independently from each other but now the trend is to
manage all risks from a common platform, under a common policy and on a portfolio basis.
This approach is more economical and efficient. .
This Risk Management concept as a general management function seems to
be gaining practical acceptance in USA, UK and Europe and mostly as a voluntary option but
the likelihood of its becoming a federal or national law requirement may not be far off.
Oil and gas companies should note that the American Petroleum Institute
has issued API Recommended Practices 750 in January 1990 which incorporates elements of
We in Pakistan should not brush it aside as a too complex and
cumbersome management concept or premature for our social, political, and industrial
environment. Remember, we have twofold duty to perform as industrial managers i.e..
1. To make up the gap in technological development as well in
management practices as quickly as practical and then
2. To maintain the pace in future to remain abreast wherever reasonable
standards have already been achieved.
1. Bob Skelton, 1997, Process Safety Analysis, published by Gulf
Publishing Company, Houston, Texas, U.S.A.
2. Robin Pitblado and Robin Turney, 2nd. Ed. 1996, Risk Assessment In
The Process Industries, published by Institution of Chemical Engineers,
3. Clyde B. Strong and T. Rick Irvin, 1996, Emergency Response and
Hazardous Chemical Management, published by St. Lucie Press, Delray Beach, Florida, U.S.A.
4. Jacques Van Steen, Tno.1996, Safety Performance Measurement,
distributed by Gulf Publishers Company, Houston, Texas, U.S.A
5. Harris R. Greensberg & Joseph J. Cramer, 1991, Risk Assessment
and Risk Management for the Chemical Process Industry, published by Van Nostrand Reinhold
115, Fifth Avenue, New York
6. John Ridley, 2nd Ed. 1986, Safety at Work, published by
Butterworths, Borough Green, Sevenoaks, Kent, England.