orangeblock
Menu

The Risk Management Trilogy

15 February 2024 | Risk Management | General | Craig Kent, Head of Risk Consulting at Aon South Africa

Three Golden Es of Risk Mitigation

From pyramids to mathematical equations, football formations, bridges and roofing structures, the strength of ‘triangulations’ is tried, tested and proven through time. The same principle applies in risk management in implementing and maintaining effective, resilient and efficient risk mitigation solutions to the evolving exposures that threaten businesses.

Risk management pivots around three considerations about the business and the potential risks it could face. First, you need to know what risks – from the likely to the highly unlikely - can threaten the business, second you need to understand the various potential impacts/outcomes such an event can have (gather data to substantiate the quantum of loss), finally, you need to elect, implement and manage suitable risk mitigation strategies to best counter the particular exposures.

From inception, the risk management process is essentially a trilogy process that is repetitive in the formation of a triangulation of:

• Risk exposure identification – risk awareness.
• Risk exposure quantification – potential risk cost, inherent exposure.
• Risk exposure mitigation – risk treatment to lead to residual risk exposure.

Risk identification:
The permutations and options for the process are vast, with these three salient classes of risk being the most prevalent:

1. Pure/tangible (for example property loss)
2. Latent/hidden (reputational/brand/market share/keyman)
3. Financial – Upside or downside (Forex/shares) or plain damage or non-damage business interruption losses.

The tools and process to identify the risk can vary both on a macro and micro level, by department/division or an entire operation or business. For example, fire is likely to be a tangible risk to a particular site, whereas forex fluctuations can impact all operations of a group of companies. The tools used to identify different risks also differ, while both can have characters of one or all three of the different classes of risk.

Exposure quantification:
It is invariably driven by the same principle as that of risk identification, save that the inherent risk exposure value can be made up of both tangible and latent values (Insurable and uninsurable costs). The hidden/latent and uninsurable costs are not that easily quantified. It gets tricky from a priority and treatment perspective, as we base a suitable action on the inherent risk, which serves to inform the treatment and or extent thereof, based on the ‘Three T’s’:

1. Tolerate – based on the estimated quantum of potential exposure, we can ‘live with the event’ – often characterised by frequent exposure/low value at risk.
2. Treat – apply viable cost-efficient risk mitigation and reduction strategies by removing the risk or reducing the frequency and the value, or both.
3. Transfer – pass the risk to someone else by addressing it through a combination of treating and transfer, for example buying insurance to cover the exposure.

Risk Exposure Mitigation:
Once the risks are identified and you have quantified the inherent exposure value, you can make an informed decision on the preferred risk mitigation strategies to deploy:

a. Self-retention of the exposure, with varying degrees of risk prevention or reduction strategies.
b. Risk transfer (insurance) strategy - coupled with expected degrees of risk prevention and reduction.
c. Get rid of the risk, which is easier said than done.

Risk Mitigation doesn’t end here. While these three risk mitigation tools, alone or in combination, are the mechanisms to mitigate all the risks of the business, these tools are only sustainable where we seek to constantly manage the treatment thereof. To achieve the best efficiency for the management of each risk, you need to look at the Three Es of treatment, namely:

1. Engineer the solution in part or whole.
2. Educate on the risk treatment solution.
3. Enforce the application to maintain the engineering and education of the solution.

While many assume that engineering can only be applied to tangible risks, let’s explore some examples and link in the education and enforcement thereof:

It is interesting to note that in all four examples, a failure of any one of the three E’s, can lead to a failure of the risk mitigation strategy and in turn, the predicted residual risk that was anticipated based on the mitigation plan, is far greater. There are many other examples which can be cited where the same principles apply, to make sure the treatment is:

• Equitable/viable to the Inherent value at risk - don’t spend R1 to protect R1.
• The cost to mitigate is viable to achieve.
• The resultant residual value of the risk is sustainable.

There is little point in spending R1mil on the treatment of a R5mil potential loss exposure unless there is a legal requirement, of course. Similarly, there is little point in spending R1mil on treatment to protect an R100mil exposure. If the rules for the application of the three E’s treatment are broken, then you may have wasted R1mil and still have a potential R100mil loss exposure.

In conclusion, it stands to reason that if we do not follow the various trilogies continually, it will not be possible to argue that an effective and efficient risk management program is in place. One of the biggest failures is the seemingly cheaper’ ‘DIY’ approach, rather than consulting a professional risk manager and investing in the process, to ultimately effectively and efficiently manage the organisation's risks.

“Having regular, thorough risk assessments of your business is a good exercise to identify any possible red flags that need to be addressed before they have negative impacts on the business’ risk transfer requirements. It will also direct a business that has already fallen into a state of distress, on how to best address the existing concerns and identify potential other risks, that can be addressed to efficiently get the business back on track.

A professional broker and their risk advisors will be able to provide your organisation with aligned services and solutions that businesses may need to identify and address any gaps in their risk management program, mediate a solution and provide the clarity and confidence to make better decisions when it comes to the risks that your business is faced with. Get good risk management practices in early and strive to improve continually.

The Risk Management Trilogy
quick poll
Question

If you had to hazard a guess, when do you reckon the COFI Bill will be signed into law?

Answer
View the Results arrow
FAnews April 2026
THE LATEST EDITION FANEWS MAGAZINE
  • Geopolitical risk: the rising threat to global trade and insurance markets
  • The regulatory tightrope: achieving consumer protection without overregulation
  • Liability disclaimers and consumer protection: key lessons from recent case law
  • From promise to payout: the real test for employee benefits
  • Retirement planning: when the maths doesn’t math
Products & Services
Useful Links
Important Links
Jobs

© FAnews | Privacy Policy | Site Map | Website Design by Online Innovations