PART 1
General Concepts and Principles
Chapter 1
Introduction
1.1. What is risk management?
What do we mean when we speak of risk? Let us consider the following dictionary definitions:
ā Shorter Oxford English Dictionary: 1. Hazard, danger; exposure to mischance or peril. 2. The chance or hazard of commercial loss, specially in the case of insured property or goods.
ā Merriam Webster Dictionary: 1. Possibility of loss or injury: see PERIL. 2. Someone or something that creates or suggests a hazard.
ā Chambers Dictionary: 1. The chance or possibility of suffering loss, injury, damage, etc; danger. 2. Someone or something likely to cause loss, injury, damage, etc. 3. (insurance) a. the chance of some loss, damage, etc., for which insurance could be claimed; b. the type, usually specified, of such loss, damage, etc., fire risk; c. someone or something thought of as likely (a bad risk) or unlikely (a good risk) to suffer loss, injury, damage, etc.
Using these definitions, we see that the word āriskā may denote a situation of exposure to hazard, from which damage may result. The notion of risk is thus connected to the notion of hazard, a hazard being that which may produce damage in the future, in an uncertain manner. This definition will be considered in more detail and in a more formal manner in Chapter 2.
This notion of risk is closely linked to human activity, and to human existence in general. Humanity has always been exposed to risks and humans have always generated risks to their environment; efforts to manage these risks came as a natural consequence. These risks have evolved over time, and the attitude taken to risk has evolved in parallel.
In the world of industry, risks need to be mastered for ethical, regulatory and economic reasons. This is the purpose of risk management, which, within a framework specific to each company, consists of:
ā identifying risks;
ā analyzing risks, that is, studying their consequences and the possibility of their occurrence;
ā evaluating and ranking these risks;
ā defining a strategy to use with each risk: acceptation or toleration, elimination, reduction, transfer or sharing between multiple actors.
This process is sometimes complex and is often carried out in an iterative manner. The risk management process must also make optimal use of company resources.
The aim of this book is to present the methods habitually used to implement risk management in the context of the production of goods or services. As this type of activity can generate a considerable number of more or less interconnected risks, we will concentrate on certain specified risks.
1.2. Nature of risks
Within the context of a business, we may be faced with a wide variety of risks [DAR 12]. These risks can be grouped into two categories, based on whether they only generate loss or both loss and gain at the same time:
ā pure risks only present possibilities of loss. They are a result of undesirable events. Their occurrence creates losses for the business, while their non-occurrence does not constitute a gain, and the cost of the damage they can entail will not, a priori, increase. Risks associated with the security of goods and human life fall into this category;
ā speculative and controlled risks can generate losses or profits, depending on events and decisions. One example of this type of risk can be found in the management of a company or a project. Decisions need to be taken involving risks. The goal is to increase profit, but a possibility of loss exists. These risks are accepted as they are the result of a choice.
The risks encountered in a business context may also be classified according to the nature of their consequences. For example, we may identify:
ā risks with consequences for human health, physical or mental, generally concerning company employees, but also those living in the vicinity of sites of production;
ā risks to the social and economic situation of personnel;
ā environmental risks that create undesirable effects on the natural environment;
ā risks to the mechanisms of production caused by phenomena within or external to the business, including natural phenomena such as flooding or earthquakes;
ā risks that may damage commercial relationships, caused, for example, by malfunctions in the production mechanisms, in terms of quality, quantity or time delay;
ā judicial risks that may undermine the moral entity constituted by the company, which may be held responsible for damages and thus be the target of judicial proceedings. Based on the nature of the case, we can distinguish between affairs of civil responsibility, in which another entity is subject to damage, intentional or otherwise, and criminal cases, linked to regulatory infractions. The person held responsible in these cases may be the company director, other members of the company or the company itself as a distinct moral entity. In the context of criminal cases, responsibility cannot be transferred using insurance;
ā financial risks, with a direct negative impact on company assets.
Note that most of these risks have indirect financial consequences. This is the case, for example, when company goods are destroyed or damaged (in the case of major risks), or in situations where the quality or quantity of production is affected. This also applies to data security, problems of continuity in activities, problems connected with intrusion, etc. Risks of a judicial nature can lead to fines that must be paid, and risks to human health or the environment can result in the payment of damages, although these risks cannot simply be reduced to their financial aspect.
In this book, we will concentrate on risks linked to the mechanisms of production, that is those which create damage as a result of undesirable behaviors in the mechanism. The direct consequences of this type of risk concern human health, the environment and the quality and quantity of production throughput.
NOTE 1.1.ā This risk is generally, although not solely, a pure risk. Take, for example, the case of a business using a manufacturing process that presents risks due to the nature of one of the products being used, for example a toxic product that could cause intoxication in humans if not sufficiently contained. A company might wish to adopt an innovative procedure to increase production. The risk linked to the danger inherent in the procedure is a pure risk. The risk linked to the decision to choose the new procedure, however, is a speculative risk, and the risk connected with the use of the site is a controlled risk.
1.3. Evolution of risk management
The methods presented in this book were developed from the 1950s onward in order to respond to a demand for greater mastery of risks, whether at company or society level. To replace these methods in their context, we will now provide a brief overview of the development of approaches to risk management.
The word āriskā has its origins in the Greek substantive āĻĪ¹Ī¶Ī±ā, meaning ārootā, which gave us the Latin āresecareā, meaning āto cutā. This, in turn, evolved to produce āresecumā in medieval Latin, meaning āreefā, in a maritime context. This led to the following interpretation: the reef is an obstacle that the navigator must, imperatively, avoid.
Figure 1.1. Key points in the history of risk management
The Lisbon earthquake of 1755, which was followed by a fire and a tsunami, constituted a key event in the development of risk management. A considerable part o...