An Introduction to Risk

and Uncertainty
The flowchart given below gives, in a nutshell, what we will be assessing under risk
management and insurance.

Start

NO

Risk Analysis
Is there a
Do nothing
risk?

YES

Avoid or YES Can it be

eliminate avoided or
eliminated?

Disregard

NO NO

Risk Evaluation
NO Is the
Can it be YES
Face the risk residual risk
reduced?
significant?

YES

Can it be NO Is it a
retained? catastrophe?
Risk Financing

YES YES

Retain Transfer

End

FIN4345: Risk Management and Insurance 1

Risk Analysis
We begin with risk analysis where the question is asked: “is there a risk?”
If there is a risk present, then it does not make sense to hold on to that risk. Therefore,
we look into ways to avoid or eliminate that risk. Eliminating the risk refers to making
the level of risk zero. Avoiding refers to getting oneself out of the way of the risk rather
than trying to eliminate the risk altogether.
However, it is extremely difficult, and in some cases, virtually impossible to eliminate
risk by 100%.
Additionally, it may not be wise to avoid the risk as well. This is due to the risk/reward
relationship. Risk comes with a certain degree of expected returns/reward for bearing
that risk. Therefore, by avoiding the risk we are effectively getting rid of any potential
rewards as well. Consider the example of fuel; it is a highly flammable and volatile
substance, but if we avoid using fuel altogether, we will be left will little-to-no means
of transport.

Risk Evaluation
If we cannot eliminate or avoid the risk, then it is apt to evaluate the risk we are facing.
Here, the first query we have is: “can we reduce the level of risk?” For instance,
imagine a printing press which prints the packaging used to store cuts of meat in
supermarkets. The manufacturer of such packaging requires a special chemical that
is highly flammable with no other safe alternative. So, without eliminating the risk, the
press may seek to reduce the risk. They may take certain practical measures such as
storing a smaller quantity of the chemical at the factory at a given time – say 50L –
rather than a larger quantity – 1000L.
Now, once such measures are taken, we have to ask if the residual risk – that is, the
risk remaining after such precautionary measures are taken – is significant. Continuing
the previous example, will 50L of the chemical do as much damage as 1000L if it
catches fire? Is the damage low enough or is it still risky?

Risk Financing
If the residual risk is also significant, then we must look into whether the risk can lead
to a catastrophe.
For the printing press in the above example, a catastrophe would be total destruction
of the factory by a potential fire caused by the chemical.
If the risk is not catastrophic, we would learn to live with the risk. This is termed
retaining the risk. Retaining the risk does not mean doing nothing about the risk, but
rather it means that steps are taken to handle the risk internally if and when it occurs.
For our printing press this may entail the installation of fire extinguishers and
establishing a direct emergency line to the nearest fire department.
If the residual risk is catastrophic, however, we have to deal with it by getting outside
aid. This is transferring the risk to another party. Our printing press can either

FIN4345: Risk Management and Insurance 2

outsource the storage of the chemical to another company or obtain an insurance
cover for the factory in the event a fire does occur. The company will have to incur a
certain level of cost to transfer this risk on to someone else.

Risk and Uncertainty

Life is full of risks. We are unsure of what will transpire in the next hour, let alone the
next year.
These personal risks include death, injury, sickness, family issues, unemployment,
loss/damage to personal property (moveable and immovable), liability to others, etc.
The world we live in today pose constant risks to our survival in more implicit ways
than we realize. Accidents on roads, faulty elevators, unknown chemicals infused with
foodstuffs, all pose a certain level of risk.
Businesses too are faced by numerous risks such as loss or damage to
movable/immovable property, liability to employees and third parties (chemicals
released to air and waterways, excessive noise), pollution, natural disasters, loss of
profits, legal action, death of key employees, etc.
Therefore, today to manage personal and business risk one cannot simply rely on gut-
feeling or common sense. Risk management must be done in a rigorous and scientific
manner.

Key Concepts
Certainty. This refers to a state of being free from doubt and being definite. In today’s
context it is extremely rare to be certain about future occurrences. For instance, if
certainty prevailed, a company will be able to know accurately their performance in the
next quarter.
Uncertainty. Risk arises out of uncertainty. It is the doubt of a future outcome or a
situation where the outcome cannot be known with certainty. According to the
American Academy of Actuaries, uncertainty refers to situations where the
probabilities of possible outcomes are unknown and cannot be estimated.
Risk. This is the potential variation in outcomes or gives rise to possible gain or loss
that cannot be predicted. Risk is an uncertainty; it creates both problems as well as
opportunities. The level of problems/opportunities depends on the level of risk
undertaken. The American Academy of Actuaries states that unlike uncertainty, in risk
the probabilities of possible outcomes can be known or estimated with some degree
of accuracy.
Risk Preference. This is a psychological state of mind where a person either loves risk
or hates it. There are three (3) types of risk preferences we can identify:

FIN4345: Risk Management and Insurance 3

 1) Risk averse: The risk averse person takes all possible precautions to mitigate
the risk. They would be highly concerned of risk and would pay more to avoid
taking risk.
2) Risk neutral: The risk neutral person is indifferent to any level of risk. Risk has
no bearing nor any effect on this person. They would not take any precaution
to mitigate risk.
3) Risk preferer: the risk preferer goes seeking risk and would not mind volatility
and instability. They would pay more to take more risk.
It is important to note that neither three types of risk seekers would get a better
outcome than the other. This is because, you would get the suitable return for the level
of risk you take. There is no additional reward for being risk averse, neutral, or seeking.
A society needs all three types of people; a society with 100% risk averse, neutral, or
seeking persons would soon fall into collapse.
Objective Risk. This is also called the degree of risk. It is defined as the relative
variation of actual loss from expected loss. Objective risk is the measurable
component of risk and is usually represented by the measure of standard deviation.
For example, consider a property insurer with 10,000 houses insured. On average
assume that 1% of houses are damaged by fire per year – that is 100 houses
(=1%×10,000 houses). But it is rare that exactly 100 houses may burn every year;
some years it may be 90 houses, some years 110. Thus, there is a variation of ±10
houses from the expected number (100) each year. This 10% variation (=10 houses /
100 houses) is known as objective risk.
Subjective Risk. This is also called the perceived risk. It is an individual’s personal
attitude towards risk. It can be defined as uncertainty based on a person’s mental
condition or state of mind. For example, take a person who has been arrested several
times for drunk driving, attempts to drive home from the bar one night after drinking
heavily. This person may be uncertain if he can make it home safely without being
arrested by the police once more. This mental uncertainty is subjective risk.
Remember, two people facing the same situation can have two different perceptions
of risk. Regarding our drunk driver, while he may choose to drive home, his drinking
buddy may ask someone else to drive that night.
Information. The availability of timely, accurate, and reliable information can lessen
the doubt a person has about predictability.
Diversifiable Risks. This is a risk that affects only individuals or small groups and not
the entire economy. It is a risk that can be reduced or eliminated by diversification. For
example, a diversified portfolio of stocks, bonds, and certificates of deposits (CDs) is
less risky than a portfolio that is 100% invested in common stocks.
Non-diversifiable Risks. This is a risk that affects the entire economy or large numbers
of people or groups within the economy. It is a risk that cannot be eliminated or
reduced by diversification. Examples include rapid inflation, cyclical unemployment,
war, hurricanes, floods, and earthquakes. It is also called fundamental risk as it usually
impacts the entire economy.

FIN4345: Risk Management and Insurance 4

The Certainty-Uncertainty Continuum

Level of Uncertainty Characteristics Examples

Outcomes can be Physical laws, natural

None (Certainty)
predicted with precision. sciences

Outcomes are identified

Level 1 Games of chance: cards,
and probabilities are
(Objective uncertainty) dice
known.
Outcomes are identified
Level 2 Fire, automobile accident,
but probabilities are
(Subjective uncertainty) many investments
unknown.
Outcomes are not fully Space exploration,
Level 3 identified, and genetic research, new
probabilities are unknown markets

 The table initially presents a level where there is no uncertainty. While most of
the universal laws are still unexplored, there are certain aspects of our daily
lives that are certain – the sun will rise and set for another few billion years, that
much is certain.

 In level 1 of uncertainty, we can identify the outcomes and we are able to

calculate the probability of their occurrence. However, such instances are rare
in the natural world. Certain man-made games can be classified here.

 In level 2 of uncertainty, we are able to identify the outcomes of certain events,

but it is not possible to calculate the probability of their occurrence accurately.
This is the type of uncertainty that is most prevalent in the world today. In this
level we are able to take certain precautionary measures to manage risk. For
instance, on the road we know that an accident may occur, but we are unable
to determine exactly at what time and place such an accident will happen; what
we can do is drive safely and adhere to the road rules. Same goes for
investments; we know that certain investments may give a return, and some
may fail, but we do not know which exact investments these are and when it
will happen. What we can do is invest wisely and not take excessive risks.

 In level 3 of uncertainty, the outcomes of events are unknown, and the

probability of their occurrence is also unknown. For instance, when entering a
new market, we have no idea if that market will succeed or fail. A small number
of organizational risks falls here.

FIN4345: Risk Management and Insurance 5

Uncertainty, Information, and Communication
The reduction of uncertainty has economic value.
Information can reduce the levels of uncertainty but will depend on the type of
information to identify the possible outcomes.
Communication can reduce the levels of uncertainty.
Communicating and informing the stakeholders would reduce the levels of uncertainty
in their minds.

Hazard
A hazard is a condition that creates or increases the frequency or severity of loss.
There are four (4) major types of hazards:
1) Physical hazard
2) Moral hazard
3) Attitudinal hazard (morale hazard)
4) Legal hazard

Physical Hazard
A physical hazard is a physical condition that increases the frequency or severity of
loss. Such hazards may or may not be within human control.
Examples of physical hazards include icy roads that increase the chance of an auto
accident, defective wiring in a building that increases the chances of a fire, and a
defective lock on a door that increases the chances of theft.

Moral Hazard
Moral hazard is dishonesty or character defects in an individual that increase the
frequency or severity of loss. It stems from an individual’s mental attitude which has a
bearing on insurance/risk.
Examples of moral hazard in insurance include faking an accident to collect benefits
from an insurer, submitting a fraudulent claim, inflating the amount of a claim, and
intentionally burning unsold merchandise that is insured. Murdering the insured to
collect the life insurance proceeds is another important example of moral hazard.
Moral hazard increases the premiums paid by insured persons. This is as insurers pay
for claims via the premiums collected from others. If dishonest people keep claiming
insurance, insurance companies have to collect more funds from other insured
persons, raising the level of the premiums for everyone. Today, most insurers have
systems in place to detect such dishonest claims.

FIN4345: Risk Management and Insurance 6

Attitudinal Hazard
Attitudinal hazard is carelessness or indifference to a loss, which increases the
frequency or severity of a loss.
Examples of attitudinal hazard include leaving car keys in an unlocked car, which
increases the chance of theft; leaving a door unlocked, which allows a burglar to enter;
and changing lanes suddenly on a congested expressway without signalling, which
increases the chance of an accident.

Legal Hazard
Legal hazard refers to characteristics of the legal system or regulatory environment
that increase the frequency or severity of loss.
Examples include adverse jury verdicts or large damage awards in liability lawsuits;
statutes that require insurers to include coverage for certain benefits in health
insurance plans, such as coverage for alcoholism.

Managing Risks and Uncertainty

Risk imposes a cost to the organization. This is known as the cost of risk which is the
total costs associated with treating the situations or circumstances in which a loss is
possible (loss exposures).
Cost of risk is the sum of:
1) Expenses of strategies to finance potential losses

2) The cost of unreimbursed losses

Insurers will never compensate for 100% of the loss incurred. They will, at most,
cover around 90% of the loss. The 10% that is not reimbursed is the
unreimbursed loss. Remember, if an insurer covers the total loss, then
everyone will cause intentional damage to recoup benefits – intentionally burn
down a building to get a brand-new building from the insurer.

3) Out-lays to reduce the risk

Companies will take practical measures to minimize risk, which do not come for
free. For instance, they will incur costs to install fire alarms, sprinkler systems,
and extinguishers to reduce risk of fire; they will install CCTV cameras, high-
security vaults, and hire security personnel to minimize risk of burglary/theft.

4) The opportunity cost of activities forgone due to risk considerations

Because a company will spend heavily on risk mitigation and insurance, they
will be sacrificing certain other uses for which that money could have been
allocated. For instance, they may have to give up capacity expansion in order
to improve security at the existing facility.

FIN4345: Risk Management and Insurance 7

There is also the cost brought by the uncertainty of loss, known as cost of uncertainty.
Examples of uncertainty cost include fear, no peace of mind, and insurance costs.
Note that measures taken to totally eliminate risk are extremely costly and are
therefore impractical. Furthermore, no rational organization will take zero risk, as no
risk means no expected reward.

What is a Risk?
There is no single definition of risk. Economists, behavioural scientists, risk theorists,
statisticians, actuaries, and historians each have their own concept of risk.
Traditionally, risk has been accepted as the uncertainty concerning the occurrence of
a loss. In other words, risk is the chance or probability of a loss.
Today we do not describe risk in the traditional sense.
Today, risk has to be defined in terms of the frequency (or probability of loss), and the
severity of the loss when it occurs.
This definition helps us manage risks differently based on the level of frequency and
severity.

Frequency vs. Severity

Common fever or
ailments
Bush Fires
High Minor
Avalanches
thefts/shoplifting
Motor car accidents
Frequency

Boiler explosion
Major floods
Minor medical surgery
Terrorism
Low 3rd party property
Major fires
damage
Tsunamis/Earthquake
Pollution

Low High

Severity

FIN4345: Risk Management and Insurance 8

Based on our discussion on a two-dimensional nature of risk – that is, frequency and
severity – we can identify four different levels of risk as shown on the four quadrants
of the above 2x2 risk matrix.
A risk matrix is a grid on which risks facing the organization are charted based on
potential frequency and severity of loss to the organization. Within each quadrant is
given examples for each specific risk type.
On the horizontal/x-axis we find risk severity. Severity refers to the
degree/impact/extent/magnitude of harm if the loss occurs.
On the vertical/y-axis we find risk frequency. Frequency refers to how often the losses
occur.
We now look at each quadrant on the risk matrix.
1) Frequency: HIGH | Severity: LOW
These are frequent ailments that may occur and have minor impacts on human
life.
The common cold can spread among people due to improper hygiene; however
modern medicine can cure the virus within 2-3 days.

2) Frequency: HIGH | Severity: HIGH

These are risk that are commonplace and result in disastrous consequences.
The Australian bushfires commonly occur every year due to high temperatures
and dry conditions. The fires ravage acres of forest destroying ecosystems and
habitats, rendering certain animal species extinct. Further, they force many
businesses to shut, homes to be destroyed, and tourism to collapse.

3) Frequency: LOW | Severity: LOW

These risks materialize very infrequently, and even when they do they do not
cause significant losses.
Consider 3rd party insurance in a logistics and supply chain firm. Delivery
vehicles are susceptible to accidents at any time and may cause property
damage. However, highly skilled nature of drivers employed means such
accidents are very rare, and even if they do occur, it does not significantly
impact the bottom line.

4) Frequency: LOW | Severity: HIGH

These risks are uncommon, but they cause significant losses if they ever
materialize.
This is the type of risk that organizations today mostly deal with. They are also
the risk type that needs significant monitoring.
We say this because given the uncommon nature of such risks, management
may forget it even exists and may be implement lax risk mitigation strategies.
Then when they do occur, the management is ill-prepared to combat it.
For instance, consider nuclear energy companies. The nuclear energy
produced is a very eco-friendly and sustainable. However, if there is even a

FIN4345: Risk Management and Insurance 9

 slight flaw in the process the damage from radiation poisoning and nuclear
fallout may be irreversible (e.g.: the Chernobyl disaster of 1986)

Techniques to Manage Risk Types

In determining the appropriate technique to manage risk, we can again use the risk
matrix. Different types of risk require different types of management techniques – there
is no one best way to manage all risks.

High CONTROL AVOID

Frequency

Low RETAIN TRANSFER

Low High
Severity

For low-frequency and low-severity exposures, risk retention is commonly used. For
instance, the occasional theft of office stationery by an employee is mostly tolerated
to some degree.
For high-frequency and high-severity exposures, risk is avoided. For instance, if a
pharma company realizes one of its drugs have a fatal side effect, that drug must be
removed from the market as soon as possible.
For high-frequency and low-severity exposures, risk control can be practiced. For
instance, to prevent theft occurring in departmental stores certain valuable items may
be placed in a locked display case or have magnetic security tags.
For low-frequency and high-severity exposures, risk is usually transferred. Insurance
is a common example of risk transferring.

Classifications of Risk
Risk can be classified into several distinct cases:
1) Pure and Speculative
2) Fundamental and Particular (Non-diversifiable and Diversifiable)
3) Subjective and Objective

FIN4345: Risk Management and Insurance 10

Pure Risk and Speculative Risk
Pure risk is defined as a situation in which there are only the possibilities of loss or no
loss. The only possible outcomes are adverse (loss) and neutral (break-even).
Examples of pure risks include premature death, job-related accidents, catastrophic
medical expenses, and damage to property from fire, lightening, flood, or earthquake.
We say there is only loss or no loss because even if property was insured, the insurer
will compensate only for the loss incurred and not more than that – there can be no
gain/profit from pure risk.
Speculative risk is defined as a situation in which either profit, break-even, or loss is
possible.
Examples of speculative risks include investment in the stock market, venturing into
new markets, launching new products, hedging using forward contracts, betting on a
horse race, and investing in real estate.
Consider, for instance, if you purchase 100 shares of common stock, you will profit if
the stock price increases but would lose if the price declines.

Fundamental (Dynamic/Non-diversifiable) Risk and Particular

(Static/Diversifiable) Risk
Fundamental risk is impersonal both in origin and consequence. It is not normally
caused by one individual and the impact generally falls on a wide range of people.
These arise out of the nature of society we live in or some physical occurrence beyond
the control of man. Since these risks cannot be eliminated by diversification, they are
also known as non-diversifiable risk.
Examples of fundamental risk include rapid inflation, cyclical unemployment, war,
hurricanes, floods, and earthquakes.
Particular risk has its origin in individual events and its impact is felt locally. That is, it
affects only individuals or small groups and not the entire economy. Since these risks
can be eliminated by diversification, they are also known as diversifiable risks.
Examples include theft or property damage, death.

Subjective Risk and Objective Risk

Subjective risk is a mental state or attitude of an individual who experiences doubt or
worry as to the outcome of a given event. Essentially it is a psychological uncertainty.
Subjective risk is sometimes called perceived risk.
Objective risk is the risk that is precisely observable, and hence, is measurable. It is
the relative variation of actual loss from the expected loss. Objective risk is sometimes
referred to as the degree of risk.

All these various categories of risk can be interlinked as shown below.

FIN4345: Risk Management and Insurance 11

 Risk

Pure Speculative

Static Dynamic Static Dynamic

Subjective Subjective Subjective Subjective

Objective Objective Objective Objective

Sources of Risk
Property Risks
Persons owning property are exposed to property risks – the risk of having property
damaged or destroyed from numerous causes.
Homes and other real estate and personal property can be damaged or destroyed due
to fire, lightening, hurricanes, theft.
Businesses that own valuable property also face property risks. Property may include
plants and other buildings; furniture, office equipment, and supplies; computers,
computer software, and data; inventories of raw materials and finished products;
company cars, boats, and planes; machinery and mobile equipment; and even
accounting records.
Additionally, if a business’ customer or supplier undergoes property damage, the
business risks losing that customer or supplier.

Liability Risks
Business firms often operate in highly competitive markets where lawsuits for bodily
injury and property damage are common.
Liability risks include:
 Court awards for compensation to 3rd parties
 Legal suit costs in defending
 Injury or damage in the premises (public liability), contamination of the natural
surrounding due to business operations (environmental liability), injury or

FIN4345: Risk Management and Insurance 12

 damage to the customer by consuming business products (product liability),
and losses due to professional advice or service (professional negligence).
Businesses are also sued for numerous reasons, including defective products that
harm or injure others, pollution of the environment, damage to property of others,
discrimination against employees and sexual harassment, and violations of copyrights
and intellectual property.

Life, Health, and Loss of Income Risks

 Health and safety risks in the workplace. These include job-related injuries and
disease of workers. They are covered under Workmen’s Compensation, and
Medical Insurance.
 Death of a key/important employee. This is covered under Key Man Insurance.
 Unemployment. This can lead to loss of income, loss of license, and financial
losses.

Financial Risks
These are speculative losses. Business Interruption Insurance can cover financial
losses following property loss or damage. That is, when the business is shut down for
several months due to a physical damage of business property, the firm may lose
income.
Financial risk also covers credit risk, foreign exchange risk, commodity risk, and
interest rate risk.

What Can We Do Regarding Risks?

There are three (3) courses of action:
1) We can eliminate the risk
2) We can reduce the risk
3) We can transfer the risk

Risk Management
The word “management” can be defined as the organization of activities and
controlling the use of resources in such a manner as to achieve some desired objective
or goal. Goals could be profit maximization, occupancy, increase revenue, expand
market share, increase net worth, or just to survive in the industry.
Risk management is concerned with the planning, arranging, and controlling the
activities and resources in order to minimize the impact of uncertain events.
Risk management can also be defined as a process that identifies loss exposures
faced by an organization and selects the most appropriate techniques for treating the
loss exposures.

FIN4345: Risk Management and Insurance 13

Note that loss exposure refers to any situation or circumstance in which a loss is
possible, regardless of whether that loss actually occurs.

Management of Risks
Organizations need to identify the sources of risks and measure their exposure levels
to risk. Further, they have to decide on how the risk should be handled.
If a pure risk is not identified, it will not disappear, but an opportunity is lost to
consciously deal with it.
The process of systematically managing the risk exposures is known as risk
management.
The head of the department charged with overseeing risk management activities of
the organization is titled the risk manager.
In implementing a more integrated approach, some firms have formed risk
management committees.
Some firms have created the title Chief Risk Officer (CRO) for more accountability,
responsibility, and span.
The CRO will be involved in many aspects of a firm’s activities, such as developing
employee safety programs, examining planned mergers and acquisitions, analysing
investment opportunities, purchasing insurance, setting up pensions and health plans
for employees.
The traditional risk management has now developed into more formal “Integrated Risk
Management” and “Enterprise Risk Management” to manage all forms of risk
regardless of type.
The holistic view of risk management encompasses building a structure and a
systematic process of managing all of an organization’s risk portfolio.

The Risk Management Process

1) Identify Risks. Not only from pure risks but from an enterprise risk management
perspective which includes operational, financial, and strategic risks.

2) Evaluate Risks. For each source of risk identified, evaluate the frequency and
severity of the losses.

3) Select Risk Management Techniques. The optimal method to handle risk must
be selected, and in some cases the plan may be to do nothing.

4) Implement and Review Decisions. This is as risk management is an ongoing

process.

FIN4345: Risk Management and Insurance 14

Insurance
Insurance is known as a risk transfer mechanism whereby a person facing some risk
of loss or damage or injury transfers to an insurer this unknown cost for a known cost
– the insurance premium.

Why Buy Insurance?

Firms purchase insurance in order to:
 Secure company’s survival

 Improve efficiency and contribute to growth

 Improve profitability in terms of return on equity (ROE), return on investment

(ROI), and return on capital employed (ROCE)

 Protect stakeholders

 Alleviate stress or ensure peace of mind

 Assume social responsibility

 As a part of good governance

What Risks are Insurable?

 Risks which result in a financial loss to the insured but not speculative where
there is a gain or loss.

 Risk must be capable of being financially evaluated.

 Risk must be fortuitous – not definite but rather unsure of its occurrence; it must
be by chance.

 There must be a recognized relationship between the insured and the loss.

 There must be a large number of similar events capable of insuring

(homogeneity).

 Risk must not be against the public policy.

FIN4345: Risk Management and Insurance 15