BCM 1202: PRINCIPLES OF RISK MANAGEMENT & INSURANCE

Course Purpose
The purpose of the Course is to equip the learners with the ability to identify and analyze risks in
a business environment
Expected Learning Outcomes. By the end of the course, students should be able to:
• Analyze different concepts of risk and risk management
• Evaluate challenges facing risk management in the organization and insurance industry.
• Ethically apply the knowledge gained at a personal level, business level, and the general
Society
• Relate risk management and its importance of risk management in business organizations
• Describe the insurance mechanism in Kenya and its significance
Course Description
Definition of fundamental terminologies: insurance loss exposures: Law of insurance; formation
of an insurance contract, elements, risk, wagers, classification of insurance, principles of
insurance; insurable interest, indemnity and other related principles, proximate cause essentials
of risk management: insurance provision: private insurance companies: insurance type:
commercial insurance, general liability insurance, bonding, crime insurance and reinsurance:
insurance contracts: personal auto policy insurance: life insurance policies: health and disability
insurance and annuities. Third-Party motor insurance Decision-making and risk: risk types:
acceptable risk: models of risk: risk theories: risk management techniques: implications of risk to
business: insurance occupations: the insurance market: employee benefits and social security:
worker’s compensation insurance: insurance regulations. Concept of Enterprise Risk
Management 39
Teaching Methods: Lectures, class presentations, Group Discussions, and case studies.
Instructional Material/Equipment: Whiteboard, LCD/Overhead Projector
Course Evaluation: The final grade will be based on the following:
Continuous Assessment: 30%
Final Examination 70%
Total 100%
Course Textbook
Rejda, George E. (2015). Principles of Risk Management and Insurance. 10th edition Addison
Wesley
Reference Books
• Julia H. (2005). Insurance .5th edition Chartered Institute of Bankers UK.
• (Harrington, Scott E. and Gregory R. Niehaus (2003). Risk Management and Insurance 2nd
edition Irwin/mc graw-hill.
• Skipper, Harold D.W. Jean K. (2007). Risk Management and Insurance: perspectives in a global
economy Blackwell Course Journal Journals on risk management and insurance.

BCM 1202: PRINCIPLES OF RISK MANAGEMENT AND INSURANCE

Introduction to Principles of Risk Management and Insurance

Risk
A risk refers to the possibility of an event or outcome that could result in negative consequences,
losses, harm, or failure. It involves uncertainty about future events which could be measured in
terms of likelihood (probability) and impact (severity). A risk can be pure or speculative.
Pure risk
A risk beyond human control and if it occurs, can only result in a loss. Pure risks are generally
insurable and include natural disasters, fires, earthquakes, hurricanes, and litigation.
Speculative risk
A risk that is voluntary and can result in either a profit or loss. Speculative risks are controllable
and commonly handled by the capital markets. Examples of speculative risk include gambling,
financial investments, business ventures, and product launches.
Key Elements of Risk
Uncertainty. The outcome is not guaranteed or known.
Probability. The chances that an event will occur or not.
Impact. The potential consequences of the event/ severity.

Types of Risk
Financial Risk. Loss of money or investments or probability of making a loss. They are caused
by unfavorable economic factors, such as exchange rate fluctuations, cost increases, credit issues,
or bankruptcy.
Operational Risk. They occur when a business experiences errors or failures in its operational
processes, which can lead to financial losses or disruptions in business operations. They are
caused by several factors, including human error, equipment malfunctions, or inadequate internal
controls
Strategic Risk. Adverse effects from business decisions. Eg, poor business planning, can make it
difficult for a company to achieve its goals or for a competitor to enter the market.
Health Risk. Refers to any factor, condition, or behavior that increases the likelihood of
developing a disease, injury, or other negative health outcomes. They can arise from habits that
affect health, such as smoking, poor diet, lack of exercise, and excessive alcohol consumption.
; External factors like air pollution, unsafe water, or exposure to hazardous substances; Inherited
traits that may predispose individuals to certain diseases or conditions; Hazards encountered in
the workplace, such as exposure to toxic chemicals or repetitive strain injuries; and due to stress
or other psychological factors that can affect individual’s physical and mental health.
Reputational Risk. Damage to public image or brand. They occur when a company's actions
are not favorable to its customers or employees, causing it to lose relevance with the public,
customers, and industry members.
Compliance risk
This type of risk occurs when a company violates internal standards or external regulations,
which exposes the company to penalties, legal battles, or significant losses.

Risk management
It refers to the process of identifying, assessing, mitigating, and monitoring potential risks that
could negatively impact an organization’s assets, operations, or objectives. It involves the
development of strategies to minimize the likelihood of these risks occurring or reducing their
impact if they do occur. It should be carried out by a risk manager with risk management skills.
Risk management and insurance
Risk management and insurance are integral to protecting individuals, businesses, and other
entities against potential losses. Insurance is a process of risk transfer from an individual to a
company that mitigates the risk by distributing the risk to the public through a pool of
policyholders. Insurance seeks to restore the insured to their position before the loss. In return,
they pay premiums for a certain amount of money known as sum assured.

Objectives of Risk Management

• Minimize potential losses.
• Reduce financial uncertainty.
• Enhance resource efficiency.
• Comply with legal and regulatory requirements.
• Assist in making informed decisions for business continuity/ posterity.

Risk Management Principles

 The International Organization for Standardization (ISO) outlines eight risk management
principles to create a robust risk management program:
• Integration: an organization should integrate its risk management efforts into all parts and
activities of the organization.
• Structured and comprehensive: should be systematic, structured, and timely
• Customized: tailor-made to suit the needs of the organization.
• Inclusive: involve all stakeholders in appropriate and timely ways.
• Dynamic/ responsive to change: a risk management program should help the organization
anticipate, identify, acknowledge, and respond to changes in an appropriate and timely way.
• Uses the best available information: considering information from the past and present as
well as anticipating the future. All relevant stakeholders should receive the necessary
information in a timely manner.
• Considers human and cultural factors: Risk management is a human activity and it takes
place within one or more cultures. The risk manager must know the influence that human and
culture factors will place on the risk management effort. Lobbying and sensitization of the
importance of the new culture.
• Practices continual improvement: Through experience and learning, risk managers must
strive to continually improve an organization’s risk management efforts. Kaizen principle.

Steps in the Risk Management Process

• Identify Risks:
Recognize potential exposures (e.g., physical, financial, operational). It seeks to answer the
frequency and severity of the occurrence of an adverse event.
Risk may be identified using the following methods:
• Observation- both direct and indirect
• Interview- in-person or through telephone
• Brainstorming in a panel
• Use of a questionnaire- open or closed
• Use of technology- CCTV
• Engaging consultants- insurance underwriters
• Conducting experiments -controlled or uncontrolled
• Analyze Risks:
Assess the likelihood of occurrence and impact of each risk- the worst that can happen in case it
occurs.
Risk analysis can be carried out by a statistician, actuary, underwriters, etc. who determines the
likelihood of a risk occurring and the possible impact if the risk occurs. They use specialized
software and actuarial data to assess risk factors and make informed policy issuance and pricing
decisions. Decisions are based on mathematical computations such as measures of central
tendencies (mean, mode, median) and measures of dispersion such as variance, range, and time
series, among others.
• Evaluate and Prioritize:
Risk evaluation and prioritization is a process that helps identify and prioritize risks so that
resources can be allocated to address the most significant threats first. This process is also known
as risk ranking or risk scoring. A risk prioritization matrix (also referred to as an impact matrix or
a probability matrix) can be useful.

• Select Risk Control Techniques:

Risk Avoidance: Eliminate the risk. Eg to avoid road accidents – the decision not to own a car or
to drive in a car. However, there is still a minimal risk of being hit by a car as a pedestrian.
Risk Reduction/prevention: Mitigate the likelihood or impact. It involves improving
operational processes, enhancing security measures, developing contingency plans, and
implementing compliance programs. In the case of a car install a car tracker, alarm system,
airbags, regular servicing of the car, installation of speed governors, hiring of security guards,
 armored vehicles, bulletproof windows, CCTV cameras, and security guards in parking areas
among others.
Risk Retention. Occurs when a party chooses to accept and self-finance for some risks, rather
than transferring it to another party. This can include the creation of a risk fund, allowances for
bad debts, etc. In the case of a car, create a provision for depreciation of the car.
Risk Transfer: Shift the financial burden (e.g., insurance).

Choose the best option based on your circumstances or a combination of strategies.

• Implement Measures:
Put the chosen risk management strategies into action.
It involves coming up with an action plan, budgets, timetables, allocation of resources, effective
communication to the stakeholders, development of cultures that align with the strategies, and
support of the strategies by management (role model). It outlines what is to be done, who, when,
where, and with what is to be done. The implementation can be done in phases, piloting, parallel,
direct overhaul, etc.
• Monitor and Review: Monitoring involves regular checking of how the implemented risk
management strategies are working. It is done through regular comparison of the actual action
against the desired action. The essence of monitoring is to take action in case of adverse
variation. Positive variation may mean the strategies are effective and have exceeded
expectations. It should be encouraged/rewarded.
A review of strategies should done regularly or when the need arises to align them with the
prevailing circumstances.

Problems of Risk Management

• Uncertainty
It's difficult to predict future events, so it can be hard to consider all risks in a risk
measurement system.
• Inadequate data
A lack of data, or data that is withheld or altered can lead to misleading results. GIGO or
input-output relationship.
• Evolving threats/ dynamics
Threats can change over time, so strategies need to be continuously monitored and adapted.
• Lack of support
Executive management may not support risk assessments, or there may be a lack of
leadership support for risk management programs.
• Lack of definition
There may be a lack of a common definition of critical risk terms or an inadequate definition
of risk appetite and strategy.
• Lack of understanding
There may be a lack of understanding of the organization, function, or process being
assessed.
• Limited capabilities and resources
Organizations may lack the resources to hire risk experts.

Benefits of Risk Management

• Improved business performance: Risk management can help businesses identify and
mitigate threats, which can lead to fewer disruptions and financial issues.
• Better decision-making: Risk management can help organizations make informed decisions
by providing accurate and timely risk data.
• Improved workplace safety and security: Risk management can help organizations create a
safe environment for their employees.
• Better reputation: Risk management can help businesses avoid negative publicity and build
a positive reputation with customers, clients, and partners.
• Improved compliance: Risk management can help organizations comply with regulatory
and internal compliance mandates.
• Improved bottom line: Risk management can help businesses identify potential
opportunities, which can improve their net income, net earnings, or net profit.
• More accurate budgets: Risk management can help businesses create more accurate
contingency budgets by incorporating risk management into schedule and cost planning