^

Business

Cost of risk management

KPMG CORNER - Daniel Z. Barlicos -

(Conclusion)

Cost of risk control

The third component of TCOR is the cost of risk control. Risk control techniques: 1) reduce the impact of risk, 2) prevent its occurrence, 3) lessen the frequency of incidents, and 4) avoid its recurrence. 

Implementing risk control techniques entails cost to the organization. All of them provide increased risk retention capabilities. The more risks are controlled, the more confident organizations are in retaining them. Retaining them may mean an improve probability of making better returns for your investments.

These are some example of the cost of risk control typically incurred by companies:

1) Capital expenditures to install risk control systems such as fire protection appliances, security appurtenances, quality control, safety and safekeeping devices, structural fittings, and other engineering control mechanisms; and,

2) Preventive maintenance costs for upkeep of machineries and equipment so that they do not breakdown and reduce rate of wear and tear.

Many companies’ justifications to spend on risk control are often based on physical protective merits i.e., fire extinguishers, electronic door access control, vaults, armored trucks to manage delivery especially of cash and other valuables, etc. Some companies are comfortable with other risk control techniques. The decision to spend on a particular type of risk control will depend on classic principles of risk-reward and cost-benefit. A Risk Management Framework ensures that this process of determining risk-reward and cost-benefit is incorporated in the whole management decision making process in retaining, controlling or transferring risks.

Cost of risk administration

The final component of TCOR is the cost of risk administration. These are the costs associated with maintaining all risk management activities within the organization, such as salaries of the Chief Risk Officer and all other personnel tasked to support the risk management program. Costs to promote the program, including culture building and training activities, are also included in this category. In mature organizations, the cost of risk administration also includes expenses for implementing strong and effective IT-enabled communications, reporting and monitoring systems to support the achievement of various risk management objectives.

The value of TCOR

Effective risk management requires effective management of the total cost of risk (TCOR). The effectiveness of the risk management program is measured by its ability to minimize the costs of risk and optimize profit. In companies where risk management is not integrated, there is a tendency to make compartmentalized decisions. As an example the company may forego insuring certain risks if such actions can be mitigated by adding certain risk control techniques.  

When everyone in the organization performs risk management in isolation and in a siloed approach, cost management inevitably suffers. The technique is to have the right balance between risk transfer and retention, supported by the right amount of risk control and administration.

The Chief Risk Officer, or the individual in charge of risk management coordination in an organization, must know his company’s total cost of risk to be able to take a leadership stand on any risk management issue that might arise in the course of operations. This is the way to put risk management in a strategic level of importance. Without a definite view of just how much the company is spending on risk management, the Chief Risk Officer’s role becomes passive and is reduced to a mere supporting role without much effect and influence.

In determining an organization’s risk management practices, a survey of its total cost of risk is an important step to start with. Managing this cost and tackling its components to achieve the right balance reflect management’s maturity level in addressing risk issues. For example, if risk transfer costs far outweigh other costs of risk, it may reflect an organization’s over reliance on insurance as a risk protection measure. Hence, the organization may be seen as having limited ability to recognize and assess risks in their operations and simply let insurers take all the exposures at whatever cost. On the other hand, if the organization has significant amounts of losses without sufficient recoveries, it reflects the lack of knowledge of risk treatment facilities available in the market.

Integration of risk management efforts and viewing risks holistically in an organization are not simply process integration. It also involves an integrated cost minimization and monitoring system that allows a balanced and skillful approach to risk management decision making.

(Daniel Z. Barlicos is a Senior Manager for Risk Advisory Services of Manabat Sanagustin & Co., CPAs, a member firm of KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative.

The views and opinions expressed herein are those of Daniel Z. Barlicos and do not necessarily represent the views and opinions of KPMG in the Philippines. For comments or inquiries, please email [email protected] or [email protected]).

A RISK MANAGEMENT FRAMEWORK

BARLICOS

CHIEF RISK OFFICER

CONTROL

COST

DANIEL Z

KPMG

MANAGEMENT

ORGANIZATION

RISK

  • Latest
  • Trending
Latest
Latest
abtest
Are you sure you want to log out?
X
Login

Philstar.com is one of the most vibrant, opinionated, discerning communities of readers on cyberspace. With your meaningful insights, help shape the stories that can shape the country. Sign up now!

Get Updated:

Signup for the News Round now

FORGOT PASSWORD?
SIGN IN
or sign in with