- Email: [email protected]
Challenging the orthodoxy in risk management
Safety Science.
Vol. 22, No. 1-3, pp. 245-262, 1996 Copyright 0 1996 Elsevier Science Ltd Printed in Great Britain. All rights reserved
Pergamon
0925-7535/96
$15.00
+
0.00
SO9257535(96)00018-5
CHALLENGING THE ORTHODOXY IN RISK MANAGEMENT Clive Smallman University of Bradford, Management Centre. Risk Management Unit, Emm Lane, Bradford BD9 4JL, UK
Abstract-Risk management is placed in the context of recent social theory, recognizing the emerging chaos that is inherent in post-indusbial life. The declining performance of the insurance industry is cited as evidence of the dynamic changes in society. Two risk manageand “holistic”, ment paradigms, “reactive” are described and contrasted. An outline model of the second is presented and linked with elements of recent research in risk management. The paper then presents a discussion of this new paradigm in relation to key issues in the future of risk management. Copyright 0 1996 Elsevier Science Ltd
1. Introduction
1.1. The risk society
There is an increasing amount of evidence to support the contention that a new era of political, economic, social, technological and environmental turmoil is upon us. With dynamic change comes uncertainty, brought about by the process of modernization. Just as it produced the industrial society from the ashes of the feudal society of the 18OOs,so modernization is setting light to present day industrial, commercial and social structures as society evolves. This emergent society Beck (1991) terms the risk society. In an influential piece of social analysis, Beck identifies the consequences of modernization - that is, industrial and scientific development - as a set of risks. Moreover, he sees these hazards as phenomena the like of which we have never previously faced. Many risks now cross national and international boundaries (for example, Chernobyl, the international drugs trade, intemational currency trading) and are seldom limited in space; nor are they limited in time. The long-term effects of many of our activities are difficult to predict, but it is more than likely that our children’s inheritance will be problems that we are creating now. No one group is to blame for these problems; it is a collective blame and one that is the product of the process of modernization. Yet, in spite of our growth and development it is becoming increasingly difficult for us to adequately compensate those individuals whose lives are directly affected by 245
246
C. Smallman
the risks to which we have given life; nor can we hope to compensate those whose lives we impact years from now. 1.2. The need for a new approach Society in general and commercial organizations in particular are beginning to recognize that life is less certain and a different approach is needed. There is a clear need for a coherent and informed “new” approach to risk management in the post-modem world. This is especially true of the insurance industry and to a lesser extent the offshore industry (Smallman et al., 1994). In an attempt to further the debate this paper explores the nature of risk management and the discussion that surrounds it. 1.3. Objectives
The objectives of this paper are to: justify the need for improved risk management (in general and in terms of the performance of the insurance industry); present popular and alternative models of risk management; and debate key issues in risk management with reference to the alternative model.
2. The need for improved risk management 2.1. In general
In addition to the work of Beck (1991), there exists empirical evidence to support the growing importance of commercial risk management. Ashby and Diacon (1994) questioned 127 risk managers in 350 of the UK’s largest companies. The main purpose of the questionnaire was to discover why firms spend money on risk management. Respondents placed most emphasis on statutory compliance, relating to employee health and safety, product safety and environmental safety. Firms are also intent on limiting legal liabilities to employees, consumers and the environment (particularly from the point of view of image). Seventy percent of respondents rated each of the factors as important. Hence, the importance of risk management in commerce stems largely from the need to avoid contractual, tortious or statutory liability. However, it was also found that risk management is used in order to reduce socio-technical systematic risks as a means of direct benefit to shareholders. 2.2. In the insurance industry The insurance world is showing signs of great change. Certainly the European insurance sector shows early symptoms of wide-scale restructuring (Muth, 19931, particularly in Germany and the UK. The inexorable tightening of legislation in the wake of many financial scandals, coupled to an imminent lowering of trade barriers (Cecchini et al., 1988), has added an air of great uncertainty to the insurance industry; and this in a business that was originally built on a perceived ability to predict uncertain events. After the comparative success of the 1980s more recently the general insurance market has been a difficult one in which to live.
Challenging
the orthodoxy in risk management
20 r
l
Fig.
247
Unadjusted
I. UK insurers premium income growth 1987- 1991.
2.2.1. Symptoms of decline The Association of British Insurers (ABI) represents most of the UK insurance industry. As
part of its activities it monitors the fortunes of its members. In 1992 it published a summary of the performance of its members between 1987 and 1991 (Association of British Insurers, 1992). The late 1980s and early 1990s saw an apparent steady rise in premium income in all categories of general insurance. The rise in consumer expenditure and the expansion of business had fuelled the market for insurance of all types of property against fire, theft and other damage. The major contribution to new business came from the fire and accident and motor markets, although the latter is increasingly regarded as a poor risk. However, although 1991 saw premium income of some &27,270 million, it also saw a trading loss of over &3,270 million (12% of premium income). This is only the third time that a loss has occurred since statistics have been collected. However, underlying the apparently healthy growth in premium income, the true trends (corrected for inflation) were much less appealing. A marked decline in growth of premium income in 1990 matched the rise in inflation that is now recognized as the start of the recent recession (see Fig. 1). Following turnover, if we examine profits we see even more disturbing trends. In the whole of the five-year period only the marine aviation and transport sector of the general business showed a profit, and that was at the beginning of the period. Each other sector shows massive losses, led initially by the motor business (a perennial loss-maker) but then by the fire and accident sector. Clearly the companies were saved only by their massive investment “muscle” that helped them to offset enormous underwriting losses. Profit growth figures emphasize the nature of the difficulties in the market. The profit slump began in 1988/89 with a 75% fall in profits, followed by dramatic falls of nearly 200% in 1989/90 and a further 100% in 1990/91. The heavy reliance on investment performance tends to indicate that insurers have lost sight of their original core business: compensation for insured losses. The losses discussed above are just those for the corporate UK general insurance business - that is, the business conducted by companies limited by guarantee and quoted on the
248
C. Smallman
London stock exchange. Consequently, their recent performance only partially reflects the full story. In addition to the corporate general market we can also look at Lloyds of London. Until the early part of 1994 corporate insurers were not allowed to enter the Lloyds market and, therefore, corporate results were largely unaffected by losses at Lloyds. The Lloyds market has suffered more than any other. Many names have paid all for “gambling” with unlimited liability (Lapper, 1993b). These private individuals stake their considerable personal wealth on the Lloyds market hoping to profit from backing largely maritime but also other major insurance risks and profiting from a share in the massive premium income that offering such insurance can bring in. The only catch, as many have discovered, is that their individual liability is unlimited. In 1989 and 1990 several syndicates exceeded twice their total capacity for payment. One group of syndicates sustained losses in excess of 51 billion, approximately one-sixth of Lloyds total losses in the last five years; many others were simply driven out of business. Then in 1991 and 1992 a second wave of losses hit the market. The number of syndicates fell from just over 400 in 1990 to 228 in 1993. A fall to less than 200 is forecast for 1994. The problems of losses at Lloyds is exacerbated by the three-year accounting period that Lloyds adopts because of the complexity and volume of its business. Worldwide, an estimated US $10 billion in capital was drawn out of the industry (net cash outflow) (Lapper, 1993b) during 1990 and 1991. This does not allow for the costs that organizations involved in disasters have themselves paid out, either voluntarily or following litigation, by way of self-insurance. 2.2.2. Causes of decline Many of the insurers’ problems relate to the recession. It is a matter of historical fact that insurance claims (successful and unsuccessful) rise during such periods. The increase is generally attributable to rising crime, fraudulent claims and the propensity of policy holders to claim for damage to items when they might not previously have considered doing so. For example, total estimated theft claims rose 30% in real terms between 1987 and 1991 to &1,151 million. Over the same period the number of offences related to burglary, robbery and theft recorded by the Police in England and Wales rose nearly 35% from 2,990,733 to 4,035,627. Again between 1987 and 1991 fire claims rose to &1,018 million, and increase of 21% in real terms. However, these are surely not the not the sole cause of difficulties faced by insurers. Of late, insurers have suffered badly in the wake of claims for catastrophic losses of life and capital investment. These resulted from an unprecedented series of manmade sociotechnical disasters and natural catastrophes. Although these are randomly distributed over time, it is possible to infer that the current trend may be towards a rise in frequency. 2.2.3. Reaction The response of the insurers was predictable. Premiums for all types of insurance have increased markedly. In the opinion of many, insurance fees now verge on the punitive. The cycle of heavy loss followed by increased premiums brings into question key elements of the insurers’ business strategy, notably strategic direction, product design and pricing. There is also the question of pricing errors and the assumption made by many insurers that their products are fully price elastic. This may be based on faulty reasoning, and brokers and consumer organizations are not happy with the recent price rises (Lapper, 1993a). In some observers’ eyes the insurers are returning to profit simply by raising prices rather than improving efficiency and productivity.
Challenging
the orthodoxy in risk management
249
The insurers argue that this is simply not the case, pointing out that they have improved efficiency, as demonstrated by falling expense ratios (costs against premium income). Critics remain unconvinced, choosing instead to believe that the reforms are limited and that few genuine attempts have been made to reorganize business processes. The general perception of most people is that in this case insurers have had their traditional “knee jerk” reflex to a series of poor results, rather than looking at their basic risk evaluation philosophy. Whilst these arguments are heard largely in connection with small-scale personal and business insurance, the cost of insuring major risks is also rising. Indeed, it is becoming ever more difficult for owners and operators of installations such as oil rigs and chemical plants to obtain insurance without offsetting much of the cost themselves. It is now common to find major organizations that have either bought or set up their own reinsurance companies for their own protection and for that of their employees and investors. Yet, need this be the case?
3. Risk management 3.1. The nature of risk management Risk management has a long and rich history easily matching the breadth that characterizes this discipline. Of late, there has been a resurgence of interest in the field. This is partly stimulated by a recent Royal Society (1992) report, but more so by the intense debate of the subject by its practitioners. The art that is management draws on a very broad church, encompassing elements of technical, social and managerial sciences. Risk management is no less broad, addressing as it must the full gamut of hazards that we face. It has been defined thus: “The identification, analysis and economic control of those risks which can threaten capacity of the enterprise.” Churtered Insurance Institute (1991.)
. the art of making alternative choices, an art that properly future events rather than reaction to past events.”
should be concerned
the assets or earning
with the anticipation
of
“Risk management is simply good common sense in coping with possible and actual daily mishaps, and occasional major disasters, that lead to financial losses and unfuljilled plans for individuals und organisations indeed for our society as a whole.” Kloman (1992.)
Here is evidence of the polarization of risk management between “pure” financial risk management (that the insurance industry apparently dominates) and a much broader view. 3.2. Risk management
paradigms
Where there is variety in risk, there is equal variety in methods of assessing and managing risk. However, amongst all of the debate, as mentioned previously, there are two discernible poles of opinion: reactive (or fatalistic) risk management, and proactive (or holistic) risk management. 3.2.1. Reactive risk management The reactive approach relies on institutions to set predetermined risk tolerances and to convert these goals into quantified decision rules. These guidelines are applied by experts to given cases and can be incorporated into organizational design and operations. There is a
C. Smallman
250 Table 1 The risk management process Stage
Action
5 6
Establish objectives. Identify exposures to loss. Evaluate measurable aspects of the exposures. Select the best method or methods for handling risks: Avoidance loss prevention and reduction, retention, transfer. implement the risk management programme. Review the programme continuously.
Source: Atheam and Pritchett (1989).
strong relationship between this approach and the “homeostatic” model put forward by the Royal Society (1992). This requires forecasting, quantification and specification of outputs. This is mirrored in current insurance practice whereby premiums are set on the basis of quantified actuarial models of risk and follow a set pattern and process (see Table 1). Changes to the models generally only occur in the wake of negative events (e.g., poor institutional performance or an increase in socio-technical failures). The approach is also narrow, accounting for only those risks that the company perceive as an immediate threat. As such this approach is event-driven, whereby organizations react to what might be termed “event push”. Whilst there are limited signs to the contrary, most organizations still rely on risk retention (accepting loss) and risk transfer (hoping that some other institution will bear the loss) as their principal means of “risk management”. This is a fatalistic approach that accepts “if things can go wrong they will” as a principle of business. This is not management; it is allegiance to “Murphy’s Law”. On an economic basis, transferring risks usually leads to financial loss either in terms of that resulting from an event or premiums paid to insurers. Risk retention is often forced upon organizations where insurance is unavailable or difficult to obtain (indeed, many large companies finding insurance hard to obtain or obtainable only at a high premium have set up or bought their own captive insurers). If risks are not properly managed retention is a dangerous approach. If risks are properly managed (or if the company is blessed with great good fortune) monies reserved for potential loss coverage can be invested and made to work on the organization’s behalf. To achieve good risk management requires that organizations pay more attention to risk avoidance, prevention and reduction. Each of these words has a positive meaning to it; they infer the need for proactivity. This is at odds with the predominant characteristics of the reactive paradigm. 3.2.2. The proactive approach: “holistic” risk management Following a proactive model recognizes that forecasting is limited by scientific uncertainty and that the picture is further disturbed by cultural dynamics. Hence, it is extremely difficult to build models and so set decision-making rules. This makes it difficult to transfer risk and dangerous to accept it, without good management. Risk must therefore be avoided, prevented and reduced, especially where organizations have retained major risks. There is a strong relationship (but not an exact match) between this model and the “collibrational” approach defined by the Royal Society (1992).
Challenging
251
the orthodoxy in risk management “HOT” failures
Human
Organisrtiond
Technological
Event initiators
crisissymptoms
>---+
Regulatory
Infrsatructurrl
Political
Fig. 2. A model of industrial crises. After Shrivastava
et al. (1988).
This approach is falls in line with emergence of “holistic risk management”. Championed by Haimes (1991) this is defined as: “A systematic, statistically based, and holistic process thut builds a formal risk assessment and management, and addresses the set four sources offaiiure software fhilure,
within a hierarchical
(3) organizational failure,
multi-objectiue framework:
(4) human failure.”
ill hardware fLiIare, (2)
Haimes (1991.)
The essence of this approach is that we consider all risks and their interrelationships on a proactive basis, driven by potential risk and not by events (although organizations must learn from events). Where the current orthodoxy in risk management is governed largely by “event push” factors (reactive), the holistic approach advocates the need for “risk pull” as well. 3.2.3. Basis for a paradigm shif: the risk management envelope By drawing on lessons from research into socio-technical disasters and adapting an accepted model of crisis causation (see Fig. 21, we might better consider the full range of potential risks and techniques to handle them. Human, organizational or technical failures (“HOT” causal classes) are direct risks that may combine to initiate crises. These risks are potential failure triggers. Perhaps more pernicious are the regulatory, infrastructural or political factors (“RIP” causal classes) that may combine to accelerate or exacerbate the effects of a “HOT’‘-sourced failure. The reactive school place heavy emphasis on the prevention of technical failures and in detecting weaknesses relating to regulatory and infrastructural factors. This is evidenced by the engineering focus of the UK Health and Safety Executive and similar bodies throughout the world. However, our record in identifying potential human and organizational failures, exacerbated by political factors, is less than good. Evidence of this exists in a string of recent major tragedies and disasters, where alleged human and organizational failures led to loss of life and property (e.g., the Herald of Free Enterprise, the Estonia, Challenger and the Bow Belle).
Such failings infer the apparent need for a paradigm shift in risk management, a shift towards considering all factors. Such “holism” requires organizations and individuals to tackle the difficult problems known, paradoxically, as “soft factors”. In this respect, if the model of crisis causation is extended to acknowledge natural effects and to incorporate the risk management hierarchy, there emerges a model of what may be
C. Smallman
252
Fig. 3. The risk management envelope.
termed the risk management envelope (see Fig. 3). This envelope provides a simplified view on an environment in which risk managers need to assess, through constant monitoring, prediction and organizational learning from past problems (internal and external), likely risks to the organization. From informed assessment comes the opportunity to exercise control through the hierarchy of available control actions. 3.2.4. The risk management pyramid Based on the envelope, there are three main aspects to the process of holistic risk management itself (see Fig. 4): monitoring, forecasting and organizational .leaming. Monitoring requires continuous data collection and analysis of each of the aspects highlighted within the risk management envelope. The broadest view possible is the best, and information should be gathered from as many available sources as possible. It is important that organizations pay attention to so-called “weak” signals (Ansoff, 1984) that are indicators of latent failures (Reason, 1990). In line with previous arguments, such signals are generally centred upon the human organizational and political causal classes in the risk management envelope. The difficulty is identifying and monitoring these factors in their behavioural and intangible nature. Detecting such factors requires skills that go well beyond traditional methods of risk assessment that rely heavily upon the assumption that risks may be treated as “concrete physical entities” (Taft, 1995). In forecasting, organizations should not rely solely on probability theory and actuarial models (Toft, 19951, and proven qualitative techniques exist that enable prediction of likely risk scenarios (e.g., scenario planning, Delphi technique) (Wright and Ayton, 1987; Makridis and Wheelwright, 1989). Yet, combining qualitative techniques with numerical methods calls for diplomacy in bridging the gap between the quantitative and qualitative school within any
Challenging
253
the orthodoxy in risk management
Natural environment
Natura env.
Natural environment
Organisational
Infrastructural
Technological
Natural env.
Political
\
/ Natural enkkc
“HOT” or Direct Risks
“RIP” or Indirect Risk7
Fig. 4. The holistic risk management pyramid.
This reflects the theoretical divide that exists between various actors in the risk management community. In arganizutional learning there exists a powerful tool that enables all organizations to learn from past experiences and errors of themselves and others (Pedler et al., 1991; Senge, 1990). A clear embodiment of the notion of organizational learning relating to risk management may be found in Toft and Reynolds (1994). The main drive of their theory relates to active learning as a means of reducing socio-technical failures. However, on face value at least, the work seems equally applicable to all types of risk. Toft and Reynolds’ (1994) systematic approach is embodied in a simple model (see Fig. 5). The left-hand side and central elements of the model represent the current orthodoxy in the design development, implementation and maintenance of any socio-technical system. Where the approach differs is in the right-hand loop. If the system fails (or if similar systems fail), lessons are drawn in through this loop and incorporated into future plans and practices. This requires the design learning system component to draw in data from failures and other sources (including environmental scanning), thus relying on the monitoring aspect of the risk organization.
c. Smallman
254 r___---_---------___-____~---_-----_-~~~~~,
I I I
I I I I I
Increased design knowledge about socio-technical failures
I I I I
I
I I
I I I
I I I I
Perceived need for a change in the environment
Information on failures in operational systems
_I
Control action
Fig. 5. A socio-technical
Condition data
failure. minimizing system. After Toft and Reynolds (1994).
envelope. This data is analysed in order to produce valuable insights for design and management of systems. Taft and Reynolds (1994) highlight the potential value of this approach not just in terms of single organizations, nor just networks of organizations. Rather they see it as a national resource managed by a government body, with information on disasters available to all interested parties. This is a grand vision indeed and one that this author shares. However, in the nature of the current government, such a body is bound to come into the jurisdiction of the Health and Safety Executive. Not only is this body already under-funded (Tombs, 19951, it is also the domain of engineers who are naturally trained to use quantitative risk assessment techniques very much at odds with the notion of organizational learning. In combining the techniques of long-term non-numeric forecasting and organizational learning, we can perhaps propose a route forward for a holistic approach to risk management. However, this requires that all interested parties let their focus widen to embrace a much broader world view, where there is room for all techniques. Data collection and collation may involve a variety of techniques from simple environmental analysis (which requires examination of the political, economic, social, technological and natural environments for potential threats and opportunities to the organization) through to sophisticated quantitative risk assessments. Forecasting may use projections based on regression analysis as easily as it may use scenario developments. However, whilst both data collection and forecasting are accepted parts of corporate life in most modem enterprises, organizational learning is not. It requires a management
specificationism
Source: Royal Society (1992).
Outcome
Narrow participationism
Complemetarism
Designism
Quantificationism
Absolutionism
Safety and other goals go hand-inhand under good management Discussion is most effective when confined to expert participants The regulatory process should concentrate on specifying structures or products
Apply causal knowledge of system failure to ex unte actions or better risk management A “no-fault” approach to blame avoids distortion of information and helps learning Quantification promotes understanding and rationality, exposes special pleading Apply the accumulated knowledge available for institutional design
Anticipationism
policy summarized
Justification
contests in risk management
Doctrine
Table 2 Seven doctrinal
Process speciticationism
Broad participationism
Trade-offism
Design agnosticism
Qualitativism
Blamism
Resilienism
Counter-Doctrine
Complex system failures not predictable in advance and anticipationism makes things worse Targeted blame gives strong incentives for tatting care on the part of key decision-makers Proper weight needs to be given to inherently unquantifiable factors in risk management There is no secure knowledge base or real market for institutional design Safety must be explicitly traded off against other goals Broader discussion better tests assumptions and avoids errors The regulatory process should concentrate on specifying institutional processes
Justification
C. Smallman
256
Table 3 Factors in holistic and reactive risk management Holistic risk management
Fatalistic risk management
Anticipationism Absolutionism Qualitativism/intelligent quantificationism Designism Complemetarism Broad participationism Process specificationism
Resilienism Blamism Blind quantificationism Design agnosticism Trade-offism Narrow participationism Outcome speciticationism
change of attitude and of culture, whereby past mistakes are viewed as an opportunity to learn, rather than criticize. Moving toward such an approach was advocated in the wake of the Piper Alpha disaster (Cullen, 1990). Herein the promotion of the notion of a safety culture within an organization was placed over and above the role of quantitative risk assessment. It is perhaps a poor reflection of our leaders and elements of the Civil Service that the regulations (HSE, 1992) that built on the Cullen report lean once again towards numbers rather than people (Smallman, 1994). Evidence previously cited (Ashby and Diacon, 1994) points towards the avoidance of liability as a major incentive for corporate risk management. Unfortunately, with liability frequently goes the perceived need for someone to blame, yet some leading organizations feel they have benefited greatly from the introduction of a “no blame culture” (e.g., British Airways; see HBpfl, 1994). 3.2.5. Key doctrines in holistic risk management Developing our definition further, it is important to look at key doctrines that exist within the discipline of risk management and their relationship to holistic risk management. The Royal Society (1992) highlights a number of current and important debates in modern risk management. These are summarized in Table 2. By its nature holistic risk management is open, positive and based on a proactive approach to countering risks. With this in mind the Royal Society summary may be reformulated as in Table 3. Major differences and dichotomies are readily apparent. In the qualitative uersus quantitutiue contest, for holistic risk management the weighting falls toward qualitativism (since the very essence of holistic is that all things must be considered) coupled to “intelligent” quantificationism. There is room for the intelligent use of quantitative techniques, but only to the point where they do not substitute for good management judgement. The danger is, as always with numbers, that “analysis leads to paralysis”, whereby the use of numbers is used as a means of abdicating management responsibility. In terms of participutionism the bias falls toward broad participation again because the word holistic implies “the whole”. In this sense this means that the whole organization should be represented. Finally, process specification is preferred. The emphasis here falls on structuring the way that decisions are made initially, rather than attempting to monitor output, since prevention is generally accepted to be better than a cure. In this doctrinal model we find techniques that when combined allow for the assessment and control of all types of risk within the risk envelope.
Challenging
the orthodoxy in risk management
257
Hence, the emergent holistic risk management paradigm is defined. However, the shift to this paradigm away from the reactive model is occurring only very slowly. A number of barriers and issues block the development of a more proactive approach and effectively “threaten” the future development of the discipline.
4. The future of risk management As risk management practitioners strive to enhance and develop their discipline, they face a number of key issues that must be addressed in the near future. 4.1. The balkanization of risk management practice There is a very real danger that rather than it being drawn together into a coherent whole, risk management will continue to develop as a fragmented ill-defined gathering of theory and practice. Preventing such “balkanization” requires informed and intelligent debate, agreement between various practitioner groups and communication with “customers”. The range of representative bodies laying claim to risk management is wide indeed. In the UK there is the Chartered Insurance Institute (which offers risk management courses as part of its professional examinations) and the Institute of Risk Management (providing a global forum for professionals working in the field). In wider Europe there is the Geneva Association and the Institute of Insurance Economics, although the main thrust is lead by the Association of Insurance and Risk Managers in Industry and Commerce !AIRMIC). The list goes on, including major American associations and university centres throughout the world. Such a range of bodies is bound to create friction, although there is discourse between the groups as their members strive to find a future path for the discipline. However, where risk management professionals are divided at a procedural level, it is frequently the case that they will come together in defence of their “profession” when faced with intrusion from non-professionals. Increasingly organizations are seeing the benefits of workplace democracy and the use of employees in a much wider sense. The quality movement is largely responsible for this innovation, and there are signs that it is spreading to the risk management arena (Royal Society, 1992). The argument in favour of such involvement is that it provides a broad view on risk and that naive questions are often the most revealing in analysis of unknowns. Against this runs the point that technical expertise is the key to clear decision-making on risk matters that can be diluted by broad debate. Hence, risk management “professionals” argue that broad risk management teams are counter-productive. 4.2. Anticipation and the effect and threat of catastrophes The notion of holistic risk management presented above rests on the notion of anticipation. The key notion is that through applying causal knowledge of socio-technical and related systems failure it is possible to apply risk management actions that will avoid, prevent, reduce or transfer risks (Taft and Reynolds, 1994; Bignell and Fortune, 1984; Turner, 1978). Against this argument there are two major points. A whole series of recent reports [Swiss Re (UK), 1990, 1992, 19931 and other publications highlight a sad fact. Humankind’s considerable technological advances and abilities are overshadowed only by our seeming inability to prevent catastrophes (Richardson, 1994). Man-made disasters, as well as natural,
seem to be on the increase. Risk management has to meet the challenge being set by this trend. It can only do so if practitioners acknowledge the need to track weak signals that might be indicative of future catastrophes in the long term. Also, some authorities (Royal Society, 1992) argue that systems failures and catastrophes look predictable only in hindsight. They argue that such systems are inherently complex and dynamic and as such their behaviour is inherently difficult to forecast. The argument continues that overly “enthusiastic” risk management can in fact reduce an organization’s ability to respond to disaster, and that more emphasis should be placed on “handling difficult situations” rather than managing. In accepting an element of truth in the counter-argument to anticipation, it is also true to say that these arguments rest very much at the periphery of the overall “risk envelope”. Hence, there is clear argument for a balanced approach, but very definitely with the emphasis on prevention rather than cure. 4.3. Short-term versus long-term thinking The need to forecast and think ahead in the long term is an important characteristic of the holistic model, relating to the doctrine of anticipationism. Developing the theme of preventive medicine, consideration has to be given to the time frame within which the “physician” works. Despite the best efforts of management theorists and business schools, the general outlook in business today, especially in the US, the UK and (to a lesser extent) much of the developed world, remains avowedly short-term (Calori and de Woot, 1994). This is a result of both economic (shareholders) and political pressures that generally force businesses to think only as far ahead as the next dividend payment or election. Consequently, little consideration is given to the long-term effects of their activities, which may only become apparent in 10 or 20 years time. Nor are catastrophic events that are likely to occur only once every 150 years considered. Whilst contentious, it is arguable that such myopia regarding latent failures may be indirectly transmitted to risk managers, who are caught up in a short-term spiral forced upon them by working within a market economy. In the market the emphasis falls on short-term gain, and this is the means by which performance is measured. The immediate impact of long-term effects is difficult to price, especially when the potential event might be 20-50 years ahead. Consequently, few risk managers may be interested in long-term negative effects. 4.4. The contribution of quantitative risk assessment (QRA) The use of numbers in predicting risks is well advanced. The problem with many risks is that all too frequently a human element is. involved. Time and again modelling human behaviour with numbers has been proven to be fraught with problems. Also, modelling risks is often based on historical data. Historical modelling is a valid and proven technique. However, it is too frequently used as a substitute for good management judgement. The holistic approach demands the use of “intelligent” quantificationism. This requires sensitivity and judgement in the use of what are usually assumption-laden calculations. The key point in favour of the application of numerical methods in risk assessment is that it provides a convenient tool for resource allocation. For example, much of government safety policy and regulation is based around the use of Quantitative Risk Assessment (QRA). The very technical sophistication of QRA also seems to offer a feeling of security, particularly where the assessment is automated and the final verdict delivered via a computer program.
Challenging
the orthodoxy in risk management
259
There are those within the pro-QRA camp who admit the need for careful consideration of other elements within the risk envelope. Indeed, consideration of human behaviour forms a part of several of the techniques used. Yet, it seems that they always come back to probability theory as a means of assessing the future. Grose (1990) identifies the shortcoming of using QRA. His principal argument is that the very complexity of human behaviour mitigates against a reductionist approach that frames natural phenomena as numbers (this reflects a broader philosophical stand-off in social science, generally wherein phenomenologists argue against the dominant positivist tradition). Simply the attempt to substitute numbers for the intricacies of real life will always lead to over-simplification. Also, the lack of applicable data will often force dishonest guessing, leading to assumption-laden decisions (Taft, 1995) that may lead decision-makers to inadvertently (or otherwise) substitute numbers for reasoned judgement. Hence, in simplifying risk through reducing it to the abstract, there is a danger that it may be unrealistically traded off against benefit by relying on numbers. 4.5. The role of the insurance industry Risk management has an overt tie to insurance. It seems that this strong relationship is endangering the relevance of risk management to the needs of modem society and business. It has been claimed that the lack of a coherent theoretical base for risk management is directly responsible for the inability of the risk management community to break the link with insurance. A number of authors have found that the insurance industry has restricted the development of risk management in its own right. Such is the hold of insurers, that very the term risk management is a euphemism for insurance management. Except for a few forward-looking companies, insurers have failed to fund research in risk-nor have they emphasized the need for risk control. Instead the industry has tended to rely far too heavily on predictions of actuaries. Growing population and economic development continue to increase the demand for energy, raw materials, new materials and new products. In turn, this pushes all industries, but particularly those in the energy and chemical sectors, to invest heavily in new technology and stretch the technological boundaries of their already high-risk businesses (although their productivity could perhaps improve). To look at history and expect from there to predict accurately the risk inherent in such ventures, whilst a valuable and proven technique, must be considered inherently “risky” in its own right (Taft, 1995; Smallman, 1994). In spite of this, many insurers continue to perpetuate the myth that they have solved many risk problems. In fact, what they have generally done is spread and share the risk rather than addressing the fundamental problem. Apparently, insurance management focuses far more on premium income than on risk exposure, to the point where they are seemingly not capable of calculating their total liability. If this is true, then perhaps a strategic review of their approach is overdue, one in which much attention should be placed on the development of information systems aimed at establishing risk exposure. This point is reinforced by recent events in both the corporate insurance market and particularly Lloyds, where the financial instability of these markets makes an effective case for reduced rather than conventional insurance. It is generally accepted that large insurers have also moved away from their original core business and now rely heavily on investment to support their weakened ability in the area of risk assessment. With these and other factors in mind, it may be the case that insurers have little to do with the future development of risk management practice.
C. Smallman
5. Risk management:
an essential discipline in an uncertain society
The environment that both business and wider society face today is markedly different from the past. There is little doubt that it will continue to change rapidly in the future. Such change not only induces problems for organizations by its very rate and scale, but also in terms of the uncertainty that it brings to bear. The signs are that many managers are having difficulty in keeping pace with these factors, and a recent survey placed concern about uncertainty and risk at the top of the agenda for many practising managers (Institute of Management, 1994). Hence, there is a very real need for establishing a singular and well-defined approach to risk management. Only in this way can we hope to reduce the existing and rising levels of risk faced by both business and society. More debate surrounds the role of risk management. It seems that there is only a weak relationship between risk management theory and practice. Also, there is perhaps too much emphasis on management and not enough on action in addressing harmful uncertainty. It is hardly surprising that reactive risk management is dominant at the present time; it is, apparently, more certain and easier to manage and cosr than the holistic approach. However, it is clear that the current orthodoxy is under attack, since it has been found wanting in any number of catastrophic events. A holistic approach is where the future of the discipline lies. What is needed, and quickly, is a coherent, well-specified methodology. The starting point for developing a practicable holistic approach lies in two research themes highlighted by the Royal Society (1992). The first advocates the use of cultural theory in examining, through methodical investigation, the strengths and weaknesses of different types of organizations in their approach to risk management. Little has been proven methodically as to the kinds of organizations that take or avoid risks, although much is known informally. Nor is it easily determined what kinds of risk organizations take, why and with what effects. By exploring risk-related behaviour of organizations in this manner we might better understand the reasons underlying the continuing balkanization of risk management practice. The second theme relates very strongly to the first. It concerns the lack of information with reference to cross-national and cross-organizational variations in risk management in the public and private sectors. It seems that there is a need for systematic work to compare the claims of those who advocate open risk management polices with those who prefer to place liability solely in the hands of their leaders. Work at the University of Nottingham (Ashby and Diacon, 1994) partially addresses these themes. It indicates that the current economic and financial paradigms have been found wanting and that research in the area of risk management might be better targeted at the development of organizational, political and contextual models. By combining these themes in a critical. assessment of variations in risk management practice with respect to organizational culture within UK industry 6mallman, 19951, a singular, broad approach will begin to emerge.
Acknowledgements The author gratefully acknowledges the chiefly Professor David Weir and Dr Roger also to: Professor Heather Hiipfl (Bolton Business School and Sedgewick (UK)) and
advice and comments of colleagues at Bradford, de la Mare of the Risk Management Unit; thanks Business School), Professor Brian Toft (Bolton Dr Bill Richardson (Sheffield Hallam University)
Challenging
the orthodoxy in risk management
261
for their comments and encouragement; the editors of this special edition, Dr Neville Stanton and Dr Ian Glendon for their invitation to publish and encouragement; the referees for their constructive criticism of an earlier draft; the librarians at the Chartered Insurance Institute and the Institute of Actuaries for their invaluable assistance; and the Statistical Department of the Association of British Insurers.
References Ansoff. HI., 1984. Implanting Strategic Management. Prentice Hall, Englewood Cliffs. Ashby, S.G. and Diacon, S.R., 1994. The value of corporate risk management: Empirical evidence from large UK companies, in: Changing Perceptions of Risk: The Implications for Management. Bolton Institute of Higher Education, Business School, Bolton. Association of British Insurers, 1992. Insurance Statistics 1988-92. Association of British Insurers, London. Athearn, J.L. and Pritchett, ST., 1989. Risk and Insurance, 6th edn. West Publishing Company, St Paul. Beck, U., 1991. The Risk Society. Sage, London. Bignell, V. and Fortune, J., 1984. Understanding Systems Failures. Manchester University Press, Manchester. Calori, R. and De Woot, P., 1994. A European Management Model: Beyond Diversity. Prentice-Hall International (UK) Limited, Hemel Hempstead. Cecchini. P., Catinat, M., Jacquemin, A. and Robinson, J., 1988. The European Challenge 1992: The Benefits of a Single Market. Wildwood House, Aldershot. Chartered Insurance Institute, 1991. Risk Management. The Chartered Insurance Institute, London. Cullen, the Hon. Lord, 1990. The Public Enquiry into the Piper Alpha Disaster. HMSO, London. Grose, V.L., 1990. Managing Risk: Systematic Loss Prevention for Executives, 2nd edn. Prentice-Hall Inc., Englewood Cliffs. Haimes, Y., 1991. Total risk management. Risk Analysis, 1l(2). Health and Safety Executive, 1992. A Guide to the Offshore Installations (Safety Case) Regulations 1992. HSE Books (previously published under the auspices of HMSO), Sudbury. HBpfl, H., 1994. Safety culture, corporate culture: Organisational transformation and the commitment to safety. Disaster Prevention and Management, 3(3): 49-58. Institute of Management, 1994. Management development to the millennium. The Cannon and Taylor working party reports. IM Research Report, Corby. Kloman, H.F., 1992. Rethinking risk management. The Geneva Papers on Risk and Insurance, 17: 299-3 13. Lapper, R., 1993a. Profits turn sour for insurance companies. Financial Times, London, 14 August. Lapper, R.. 1993b. When disasters lead to riches in Bermuda: The international reinsurance market. Financial Times, London, 15 September. Makridis, S. and Wheelwright, S.C., 1989. Forecasting Methods for Management, 5th edn. John Wiley and Sons, Chichester. Muth, M., 1993. Facing up to the losses. An analysis of the European insurance industry on the verge of a structural shake-up. The McKinsey Quarterly, 2: 73-92. Pcdler, M., Burgoyne, J. and Boydell, T., 1991. The Learning Company: A Strategy for Sustainable Development. McGraw-Hill, London. Reason, J., 1990. Human Error. Cambridge University Press, Cambridge. Richardson, B., 1994. Crisis management and management strategy - time to “loop the loop”? Disaster Prevention and Management, 3(3): 59-80. Royal Society, 1992. Risk: Analysis, Perception and Management. Report of a Royal Society Study Group. The Royal Society, London. Senge, P.M., 1990. The Fifth Discipline: The Art and Practice of the Learning Organisation. Currency Doubleday, New York. Shrivastava, P., Mitroff, I.I., Miller, D. and Miglani, A., 1988. Understanding industrial crises. Journal of Management Studies, 25: 283-303. Smallman, C., 1994. Offshore safety management systems: Current practice and a prescription for change. Disaster Prevention and Management, 3(3): 33-48. Smallman, C., 1995. Risk and organisational behaviour: Towards a theoretical framework. In L. Barton (Ed.) New Avenues in Risk and Crisis Management, Volume III. The Board of Regents, University of Nevada, Las Vegas.
262
C. Smallman
Smallman, C., de la Mare, R. and Weir, D.T.H., 1994. A need for fundamental change? Socio-technical risks assessment and the insurance industry, in: Changing Perceptions of Risk: The Implications for Management. Bolton htstitute of Higher Education Business School, Bohon. Swiss Re (UK). 1990. Natural Catastrophes and Major Losses 1970- 1989: Increasing Catastrophe Losses from Forces of Nature in the 1980s. Swiss Reinsurance Company (UK) Limited, London. Swiss Re (UK), 1992. Natural Catastrophes and Major Losses in 1991: Insured Damage Reaches New Record Level. Swiss Reinsurance Company (UK) Limited, London. Swiss Re (UK), 1993. Natural Catastrophes and Major Losses in 1992: Insured Damage Reaches New Record Level. Swiss Reinsurance Company (UK) Limited, London. Toft, B., 1995. Limits to the mathematical modelling of disasters. The Risk Society Conference, Liverpool Business School in collaboration with the Geneva Association, John Moores University, Liverpool. Toft, B. and Reynolds, S., 1994. Learning from Disasters: A Management Approach. Butterwotth-Heinema, Oxford. Tombs, S., 1995. Deregulation. The Risk Society Conference, Liverpool Business School in collaboration with the Geneva Association, John Moores University, Liverpool. Turner, B.A., 1978. Man-Made Disasters. Wykeham Publications, London. Wright; G. and Ayton, P. (Ed& 1987. Judgmental Forecasting. John Wiley and Sons, Chichester.
Vol. 22, No. 1-3, pp. 245-262, 1996 Copyright 0 1996 Elsevier Science Ltd Printed in Great Britain. All rights reserved
Pergamon
0925-7535/96
$15.00
+
0.00
SO9257535(96)00018-5
CHALLENGING THE ORTHODOXY IN RISK MANAGEMENT Clive Smallman University of Bradford, Management Centre. Risk Management Unit, Emm Lane, Bradford BD9 4JL, UK
Abstract-Risk management is placed in the context of recent social theory, recognizing the emerging chaos that is inherent in post-indusbial life. The declining performance of the insurance industry is cited as evidence of the dynamic changes in society. Two risk manageand “holistic”, ment paradigms, “reactive” are described and contrasted. An outline model of the second is presented and linked with elements of recent research in risk management. The paper then presents a discussion of this new paradigm in relation to key issues in the future of risk management. Copyright 0 1996 Elsevier Science Ltd
1. Introduction
1.1. The risk society
There is an increasing amount of evidence to support the contention that a new era of political, economic, social, technological and environmental turmoil is upon us. With dynamic change comes uncertainty, brought about by the process of modernization. Just as it produced the industrial society from the ashes of the feudal society of the 18OOs,so modernization is setting light to present day industrial, commercial and social structures as society evolves. This emergent society Beck (1991) terms the risk society. In an influential piece of social analysis, Beck identifies the consequences of modernization - that is, industrial and scientific development - as a set of risks. Moreover, he sees these hazards as phenomena the like of which we have never previously faced. Many risks now cross national and international boundaries (for example, Chernobyl, the international drugs trade, intemational currency trading) and are seldom limited in space; nor are they limited in time. The long-term effects of many of our activities are difficult to predict, but it is more than likely that our children’s inheritance will be problems that we are creating now. No one group is to blame for these problems; it is a collective blame and one that is the product of the process of modernization. Yet, in spite of our growth and development it is becoming increasingly difficult for us to adequately compensate those individuals whose lives are directly affected by 245
246
C. Smallman
the risks to which we have given life; nor can we hope to compensate those whose lives we impact years from now. 1.2. The need for a new approach Society in general and commercial organizations in particular are beginning to recognize that life is less certain and a different approach is needed. There is a clear need for a coherent and informed “new” approach to risk management in the post-modem world. This is especially true of the insurance industry and to a lesser extent the offshore industry (Smallman et al., 1994). In an attempt to further the debate this paper explores the nature of risk management and the discussion that surrounds it. 1.3. Objectives
The objectives of this paper are to: justify the need for improved risk management (in general and in terms of the performance of the insurance industry); present popular and alternative models of risk management; and debate key issues in risk management with reference to the alternative model.
2. The need for improved risk management 2.1. In general
In addition to the work of Beck (1991), there exists empirical evidence to support the growing importance of commercial risk management. Ashby and Diacon (1994) questioned 127 risk managers in 350 of the UK’s largest companies. The main purpose of the questionnaire was to discover why firms spend money on risk management. Respondents placed most emphasis on statutory compliance, relating to employee health and safety, product safety and environmental safety. Firms are also intent on limiting legal liabilities to employees, consumers and the environment (particularly from the point of view of image). Seventy percent of respondents rated each of the factors as important. Hence, the importance of risk management in commerce stems largely from the need to avoid contractual, tortious or statutory liability. However, it was also found that risk management is used in order to reduce socio-technical systematic risks as a means of direct benefit to shareholders. 2.2. In the insurance industry The insurance world is showing signs of great change. Certainly the European insurance sector shows early symptoms of wide-scale restructuring (Muth, 19931, particularly in Germany and the UK. The inexorable tightening of legislation in the wake of many financial scandals, coupled to an imminent lowering of trade barriers (Cecchini et al., 1988), has added an air of great uncertainty to the insurance industry; and this in a business that was originally built on a perceived ability to predict uncertain events. After the comparative success of the 1980s more recently the general insurance market has been a difficult one in which to live.
Challenging
the orthodoxy in risk management
20 r
l
Fig.
247
Unadjusted
I. UK insurers premium income growth 1987- 1991.
2.2.1. Symptoms of decline The Association of British Insurers (ABI) represents most of the UK insurance industry. As
part of its activities it monitors the fortunes of its members. In 1992 it published a summary of the performance of its members between 1987 and 1991 (Association of British Insurers, 1992). The late 1980s and early 1990s saw an apparent steady rise in premium income in all categories of general insurance. The rise in consumer expenditure and the expansion of business had fuelled the market for insurance of all types of property against fire, theft and other damage. The major contribution to new business came from the fire and accident and motor markets, although the latter is increasingly regarded as a poor risk. However, although 1991 saw premium income of some &27,270 million, it also saw a trading loss of over &3,270 million (12% of premium income). This is only the third time that a loss has occurred since statistics have been collected. However, underlying the apparently healthy growth in premium income, the true trends (corrected for inflation) were much less appealing. A marked decline in growth of premium income in 1990 matched the rise in inflation that is now recognized as the start of the recent recession (see Fig. 1). Following turnover, if we examine profits we see even more disturbing trends. In the whole of the five-year period only the marine aviation and transport sector of the general business showed a profit, and that was at the beginning of the period. Each other sector shows massive losses, led initially by the motor business (a perennial loss-maker) but then by the fire and accident sector. Clearly the companies were saved only by their massive investment “muscle” that helped them to offset enormous underwriting losses. Profit growth figures emphasize the nature of the difficulties in the market. The profit slump began in 1988/89 with a 75% fall in profits, followed by dramatic falls of nearly 200% in 1989/90 and a further 100% in 1990/91. The heavy reliance on investment performance tends to indicate that insurers have lost sight of their original core business: compensation for insured losses. The losses discussed above are just those for the corporate UK general insurance business - that is, the business conducted by companies limited by guarantee and quoted on the
248
C. Smallman
London stock exchange. Consequently, their recent performance only partially reflects the full story. In addition to the corporate general market we can also look at Lloyds of London. Until the early part of 1994 corporate insurers were not allowed to enter the Lloyds market and, therefore, corporate results were largely unaffected by losses at Lloyds. The Lloyds market has suffered more than any other. Many names have paid all for “gambling” with unlimited liability (Lapper, 1993b). These private individuals stake their considerable personal wealth on the Lloyds market hoping to profit from backing largely maritime but also other major insurance risks and profiting from a share in the massive premium income that offering such insurance can bring in. The only catch, as many have discovered, is that their individual liability is unlimited. In 1989 and 1990 several syndicates exceeded twice their total capacity for payment. One group of syndicates sustained losses in excess of 51 billion, approximately one-sixth of Lloyds total losses in the last five years; many others were simply driven out of business. Then in 1991 and 1992 a second wave of losses hit the market. The number of syndicates fell from just over 400 in 1990 to 228 in 1993. A fall to less than 200 is forecast for 1994. The problems of losses at Lloyds is exacerbated by the three-year accounting period that Lloyds adopts because of the complexity and volume of its business. Worldwide, an estimated US $10 billion in capital was drawn out of the industry (net cash outflow) (Lapper, 1993b) during 1990 and 1991. This does not allow for the costs that organizations involved in disasters have themselves paid out, either voluntarily or following litigation, by way of self-insurance. 2.2.2. Causes of decline Many of the insurers’ problems relate to the recession. It is a matter of historical fact that insurance claims (successful and unsuccessful) rise during such periods. The increase is generally attributable to rising crime, fraudulent claims and the propensity of policy holders to claim for damage to items when they might not previously have considered doing so. For example, total estimated theft claims rose 30% in real terms between 1987 and 1991 to &1,151 million. Over the same period the number of offences related to burglary, robbery and theft recorded by the Police in England and Wales rose nearly 35% from 2,990,733 to 4,035,627. Again between 1987 and 1991 fire claims rose to &1,018 million, and increase of 21% in real terms. However, these are surely not the not the sole cause of difficulties faced by insurers. Of late, insurers have suffered badly in the wake of claims for catastrophic losses of life and capital investment. These resulted from an unprecedented series of manmade sociotechnical disasters and natural catastrophes. Although these are randomly distributed over time, it is possible to infer that the current trend may be towards a rise in frequency. 2.2.3. Reaction The response of the insurers was predictable. Premiums for all types of insurance have increased markedly. In the opinion of many, insurance fees now verge on the punitive. The cycle of heavy loss followed by increased premiums brings into question key elements of the insurers’ business strategy, notably strategic direction, product design and pricing. There is also the question of pricing errors and the assumption made by many insurers that their products are fully price elastic. This may be based on faulty reasoning, and brokers and consumer organizations are not happy with the recent price rises (Lapper, 1993a). In some observers’ eyes the insurers are returning to profit simply by raising prices rather than improving efficiency and productivity.
Challenging
the orthodoxy in risk management
249
The insurers argue that this is simply not the case, pointing out that they have improved efficiency, as demonstrated by falling expense ratios (costs against premium income). Critics remain unconvinced, choosing instead to believe that the reforms are limited and that few genuine attempts have been made to reorganize business processes. The general perception of most people is that in this case insurers have had their traditional “knee jerk” reflex to a series of poor results, rather than looking at their basic risk evaluation philosophy. Whilst these arguments are heard largely in connection with small-scale personal and business insurance, the cost of insuring major risks is also rising. Indeed, it is becoming ever more difficult for owners and operators of installations such as oil rigs and chemical plants to obtain insurance without offsetting much of the cost themselves. It is now common to find major organizations that have either bought or set up their own reinsurance companies for their own protection and for that of their employees and investors. Yet, need this be the case?
3. Risk management 3.1. The nature of risk management Risk management has a long and rich history easily matching the breadth that characterizes this discipline. Of late, there has been a resurgence of interest in the field. This is partly stimulated by a recent Royal Society (1992) report, but more so by the intense debate of the subject by its practitioners. The art that is management draws on a very broad church, encompassing elements of technical, social and managerial sciences. Risk management is no less broad, addressing as it must the full gamut of hazards that we face. It has been defined thus: “The identification, analysis and economic control of those risks which can threaten capacity of the enterprise.” Churtered Insurance Institute (1991.)
. the art of making alternative choices, an art that properly future events rather than reaction to past events.”
should be concerned
the assets or earning
with the anticipation
of
“Risk management is simply good common sense in coping with possible and actual daily mishaps, and occasional major disasters, that lead to financial losses and unfuljilled plans for individuals und organisations indeed for our society as a whole.” Kloman (1992.)
Here is evidence of the polarization of risk management between “pure” financial risk management (that the insurance industry apparently dominates) and a much broader view. 3.2. Risk management
paradigms
Where there is variety in risk, there is equal variety in methods of assessing and managing risk. However, amongst all of the debate, as mentioned previously, there are two discernible poles of opinion: reactive (or fatalistic) risk management, and proactive (or holistic) risk management. 3.2.1. Reactive risk management The reactive approach relies on institutions to set predetermined risk tolerances and to convert these goals into quantified decision rules. These guidelines are applied by experts to given cases and can be incorporated into organizational design and operations. There is a
C. Smallman
250 Table 1 The risk management process Stage
Action
5 6
Establish objectives. Identify exposures to loss. Evaluate measurable aspects of the exposures. Select the best method or methods for handling risks: Avoidance loss prevention and reduction, retention, transfer. implement the risk management programme. Review the programme continuously.
Source: Atheam and Pritchett (1989).
strong relationship between this approach and the “homeostatic” model put forward by the Royal Society (1992). This requires forecasting, quantification and specification of outputs. This is mirrored in current insurance practice whereby premiums are set on the basis of quantified actuarial models of risk and follow a set pattern and process (see Table 1). Changes to the models generally only occur in the wake of negative events (e.g., poor institutional performance or an increase in socio-technical failures). The approach is also narrow, accounting for only those risks that the company perceive as an immediate threat. As such this approach is event-driven, whereby organizations react to what might be termed “event push”. Whilst there are limited signs to the contrary, most organizations still rely on risk retention (accepting loss) and risk transfer (hoping that some other institution will bear the loss) as their principal means of “risk management”. This is a fatalistic approach that accepts “if things can go wrong they will” as a principle of business. This is not management; it is allegiance to “Murphy’s Law”. On an economic basis, transferring risks usually leads to financial loss either in terms of that resulting from an event or premiums paid to insurers. Risk retention is often forced upon organizations where insurance is unavailable or difficult to obtain (indeed, many large companies finding insurance hard to obtain or obtainable only at a high premium have set up or bought their own captive insurers). If risks are not properly managed retention is a dangerous approach. If risks are properly managed (or if the company is blessed with great good fortune) monies reserved for potential loss coverage can be invested and made to work on the organization’s behalf. To achieve good risk management requires that organizations pay more attention to risk avoidance, prevention and reduction. Each of these words has a positive meaning to it; they infer the need for proactivity. This is at odds with the predominant characteristics of the reactive paradigm. 3.2.2. The proactive approach: “holistic” risk management Following a proactive model recognizes that forecasting is limited by scientific uncertainty and that the picture is further disturbed by cultural dynamics. Hence, it is extremely difficult to build models and so set decision-making rules. This makes it difficult to transfer risk and dangerous to accept it, without good management. Risk must therefore be avoided, prevented and reduced, especially where organizations have retained major risks. There is a strong relationship (but not an exact match) between this model and the “collibrational” approach defined by the Royal Society (1992).
Challenging
251
the orthodoxy in risk management “HOT” failures
Human
Organisrtiond
Technological
Event initiators
crisissymptoms
>---+
Regulatory
Infrsatructurrl
Political
Fig. 2. A model of industrial crises. After Shrivastava
et al. (1988).
This approach is falls in line with emergence of “holistic risk management”. Championed by Haimes (1991) this is defined as: “A systematic, statistically based, and holistic process thut builds a formal risk assessment and management, and addresses the set four sources offaiiure software fhilure,
within a hierarchical
(3) organizational failure,
multi-objectiue framework:
(4) human failure.”
ill hardware fLiIare, (2)
Haimes (1991.)
The essence of this approach is that we consider all risks and their interrelationships on a proactive basis, driven by potential risk and not by events (although organizations must learn from events). Where the current orthodoxy in risk management is governed largely by “event push” factors (reactive), the holistic approach advocates the need for “risk pull” as well. 3.2.3. Basis for a paradigm shif: the risk management envelope By drawing on lessons from research into socio-technical disasters and adapting an accepted model of crisis causation (see Fig. 21, we might better consider the full range of potential risks and techniques to handle them. Human, organizational or technical failures (“HOT” causal classes) are direct risks that may combine to initiate crises. These risks are potential failure triggers. Perhaps more pernicious are the regulatory, infrastructural or political factors (“RIP” causal classes) that may combine to accelerate or exacerbate the effects of a “HOT’‘-sourced failure. The reactive school place heavy emphasis on the prevention of technical failures and in detecting weaknesses relating to regulatory and infrastructural factors. This is evidenced by the engineering focus of the UK Health and Safety Executive and similar bodies throughout the world. However, our record in identifying potential human and organizational failures, exacerbated by political factors, is less than good. Evidence of this exists in a string of recent major tragedies and disasters, where alleged human and organizational failures led to loss of life and property (e.g., the Herald of Free Enterprise, the Estonia, Challenger and the Bow Belle).
Such failings infer the apparent need for a paradigm shift in risk management, a shift towards considering all factors. Such “holism” requires organizations and individuals to tackle the difficult problems known, paradoxically, as “soft factors”. In this respect, if the model of crisis causation is extended to acknowledge natural effects and to incorporate the risk management hierarchy, there emerges a model of what may be
C. Smallman
252
Fig. 3. The risk management envelope.
termed the risk management envelope (see Fig. 3). This envelope provides a simplified view on an environment in which risk managers need to assess, through constant monitoring, prediction and organizational learning from past problems (internal and external), likely risks to the organization. From informed assessment comes the opportunity to exercise control through the hierarchy of available control actions. 3.2.4. The risk management pyramid Based on the envelope, there are three main aspects to the process of holistic risk management itself (see Fig. 4): monitoring, forecasting and organizational .leaming. Monitoring requires continuous data collection and analysis of each of the aspects highlighted within the risk management envelope. The broadest view possible is the best, and information should be gathered from as many available sources as possible. It is important that organizations pay attention to so-called “weak” signals (Ansoff, 1984) that are indicators of latent failures (Reason, 1990). In line with previous arguments, such signals are generally centred upon the human organizational and political causal classes in the risk management envelope. The difficulty is identifying and monitoring these factors in their behavioural and intangible nature. Detecting such factors requires skills that go well beyond traditional methods of risk assessment that rely heavily upon the assumption that risks may be treated as “concrete physical entities” (Taft, 1995). In forecasting, organizations should not rely solely on probability theory and actuarial models (Toft, 19951, and proven qualitative techniques exist that enable prediction of likely risk scenarios (e.g., scenario planning, Delphi technique) (Wright and Ayton, 1987; Makridis and Wheelwright, 1989). Yet, combining qualitative techniques with numerical methods calls for diplomacy in bridging the gap between the quantitative and qualitative school within any
Challenging
253
the orthodoxy in risk management
Natural environment
Natura env.
Natural environment
Organisational
Infrastructural
Technological
Natural env.
Political
\
/ Natural enkkc
“HOT” or Direct Risks
“RIP” or Indirect Risk7
Fig. 4. The holistic risk management pyramid.
This reflects the theoretical divide that exists between various actors in the risk management community. In arganizutional learning there exists a powerful tool that enables all organizations to learn from past experiences and errors of themselves and others (Pedler et al., 1991; Senge, 1990). A clear embodiment of the notion of organizational learning relating to risk management may be found in Toft and Reynolds (1994). The main drive of their theory relates to active learning as a means of reducing socio-technical failures. However, on face value at least, the work seems equally applicable to all types of risk. Toft and Reynolds’ (1994) systematic approach is embodied in a simple model (see Fig. 5). The left-hand side and central elements of the model represent the current orthodoxy in the design development, implementation and maintenance of any socio-technical system. Where the approach differs is in the right-hand loop. If the system fails (or if similar systems fail), lessons are drawn in through this loop and incorporated into future plans and practices. This requires the design learning system component to draw in data from failures and other sources (including environmental scanning), thus relying on the monitoring aspect of the risk organization.
c. Smallman
254 r___---_---------___-____~---_-----_-~~~~~,
I I I
I I I I I
Increased design knowledge about socio-technical failures
I I I I
I
I I
I I I
I I I I
Perceived need for a change in the environment
Information on failures in operational systems
_I
Control action
Fig. 5. A socio-technical
Condition data
failure. minimizing system. After Toft and Reynolds (1994).
envelope. This data is analysed in order to produce valuable insights for design and management of systems. Taft and Reynolds (1994) highlight the potential value of this approach not just in terms of single organizations, nor just networks of organizations. Rather they see it as a national resource managed by a government body, with information on disasters available to all interested parties. This is a grand vision indeed and one that this author shares. However, in the nature of the current government, such a body is bound to come into the jurisdiction of the Health and Safety Executive. Not only is this body already under-funded (Tombs, 19951, it is also the domain of engineers who are naturally trained to use quantitative risk assessment techniques very much at odds with the notion of organizational learning. In combining the techniques of long-term non-numeric forecasting and organizational learning, we can perhaps propose a route forward for a holistic approach to risk management. However, this requires that all interested parties let their focus widen to embrace a much broader world view, where there is room for all techniques. Data collection and collation may involve a variety of techniques from simple environmental analysis (which requires examination of the political, economic, social, technological and natural environments for potential threats and opportunities to the organization) through to sophisticated quantitative risk assessments. Forecasting may use projections based on regression analysis as easily as it may use scenario developments. However, whilst both data collection and forecasting are accepted parts of corporate life in most modem enterprises, organizational learning is not. It requires a management
specificationism
Source: Royal Society (1992).
Outcome
Narrow participationism
Complemetarism
Designism
Quantificationism
Absolutionism
Safety and other goals go hand-inhand under good management Discussion is most effective when confined to expert participants The regulatory process should concentrate on specifying structures or products
Apply causal knowledge of system failure to ex unte actions or better risk management A “no-fault” approach to blame avoids distortion of information and helps learning Quantification promotes understanding and rationality, exposes special pleading Apply the accumulated knowledge available for institutional design
Anticipationism
policy summarized
Justification
contests in risk management
Doctrine
Table 2 Seven doctrinal
Process speciticationism
Broad participationism
Trade-offism
Design agnosticism
Qualitativism
Blamism
Resilienism
Counter-Doctrine
Complex system failures not predictable in advance and anticipationism makes things worse Targeted blame gives strong incentives for tatting care on the part of key decision-makers Proper weight needs to be given to inherently unquantifiable factors in risk management There is no secure knowledge base or real market for institutional design Safety must be explicitly traded off against other goals Broader discussion better tests assumptions and avoids errors The regulatory process should concentrate on specifying institutional processes
Justification
C. Smallman
256
Table 3 Factors in holistic and reactive risk management Holistic risk management
Fatalistic risk management
Anticipationism Absolutionism Qualitativism/intelligent quantificationism Designism Complemetarism Broad participationism Process specificationism
Resilienism Blamism Blind quantificationism Design agnosticism Trade-offism Narrow participationism Outcome speciticationism
change of attitude and of culture, whereby past mistakes are viewed as an opportunity to learn, rather than criticize. Moving toward such an approach was advocated in the wake of the Piper Alpha disaster (Cullen, 1990). Herein the promotion of the notion of a safety culture within an organization was placed over and above the role of quantitative risk assessment. It is perhaps a poor reflection of our leaders and elements of the Civil Service that the regulations (HSE, 1992) that built on the Cullen report lean once again towards numbers rather than people (Smallman, 1994). Evidence previously cited (Ashby and Diacon, 1994) points towards the avoidance of liability as a major incentive for corporate risk management. Unfortunately, with liability frequently goes the perceived need for someone to blame, yet some leading organizations feel they have benefited greatly from the introduction of a “no blame culture” (e.g., British Airways; see HBpfl, 1994). 3.2.5. Key doctrines in holistic risk management Developing our definition further, it is important to look at key doctrines that exist within the discipline of risk management and their relationship to holistic risk management. The Royal Society (1992) highlights a number of current and important debates in modern risk management. These are summarized in Table 2. By its nature holistic risk management is open, positive and based on a proactive approach to countering risks. With this in mind the Royal Society summary may be reformulated as in Table 3. Major differences and dichotomies are readily apparent. In the qualitative uersus quantitutiue contest, for holistic risk management the weighting falls toward qualitativism (since the very essence of holistic is that all things must be considered) coupled to “intelligent” quantificationism. There is room for the intelligent use of quantitative techniques, but only to the point where they do not substitute for good management judgement. The danger is, as always with numbers, that “analysis leads to paralysis”, whereby the use of numbers is used as a means of abdicating management responsibility. In terms of participutionism the bias falls toward broad participation again because the word holistic implies “the whole”. In this sense this means that the whole organization should be represented. Finally, process specification is preferred. The emphasis here falls on structuring the way that decisions are made initially, rather than attempting to monitor output, since prevention is generally accepted to be better than a cure. In this doctrinal model we find techniques that when combined allow for the assessment and control of all types of risk within the risk envelope.
Challenging
the orthodoxy in risk management
257
Hence, the emergent holistic risk management paradigm is defined. However, the shift to this paradigm away from the reactive model is occurring only very slowly. A number of barriers and issues block the development of a more proactive approach and effectively “threaten” the future development of the discipline.
4. The future of risk management As risk management practitioners strive to enhance and develop their discipline, they face a number of key issues that must be addressed in the near future. 4.1. The balkanization of risk management practice There is a very real danger that rather than it being drawn together into a coherent whole, risk management will continue to develop as a fragmented ill-defined gathering of theory and practice. Preventing such “balkanization” requires informed and intelligent debate, agreement between various practitioner groups and communication with “customers”. The range of representative bodies laying claim to risk management is wide indeed. In the UK there is the Chartered Insurance Institute (which offers risk management courses as part of its professional examinations) and the Institute of Risk Management (providing a global forum for professionals working in the field). In wider Europe there is the Geneva Association and the Institute of Insurance Economics, although the main thrust is lead by the Association of Insurance and Risk Managers in Industry and Commerce !AIRMIC). The list goes on, including major American associations and university centres throughout the world. Such a range of bodies is bound to create friction, although there is discourse between the groups as their members strive to find a future path for the discipline. However, where risk management professionals are divided at a procedural level, it is frequently the case that they will come together in defence of their “profession” when faced with intrusion from non-professionals. Increasingly organizations are seeing the benefits of workplace democracy and the use of employees in a much wider sense. The quality movement is largely responsible for this innovation, and there are signs that it is spreading to the risk management arena (Royal Society, 1992). The argument in favour of such involvement is that it provides a broad view on risk and that naive questions are often the most revealing in analysis of unknowns. Against this runs the point that technical expertise is the key to clear decision-making on risk matters that can be diluted by broad debate. Hence, risk management “professionals” argue that broad risk management teams are counter-productive. 4.2. Anticipation and the effect and threat of catastrophes The notion of holistic risk management presented above rests on the notion of anticipation. The key notion is that through applying causal knowledge of socio-technical and related systems failure it is possible to apply risk management actions that will avoid, prevent, reduce or transfer risks (Taft and Reynolds, 1994; Bignell and Fortune, 1984; Turner, 1978). Against this argument there are two major points. A whole series of recent reports [Swiss Re (UK), 1990, 1992, 19931 and other publications highlight a sad fact. Humankind’s considerable technological advances and abilities are overshadowed only by our seeming inability to prevent catastrophes (Richardson, 1994). Man-made disasters, as well as natural,
seem to be on the increase. Risk management has to meet the challenge being set by this trend. It can only do so if practitioners acknowledge the need to track weak signals that might be indicative of future catastrophes in the long term. Also, some authorities (Royal Society, 1992) argue that systems failures and catastrophes look predictable only in hindsight. They argue that such systems are inherently complex and dynamic and as such their behaviour is inherently difficult to forecast. The argument continues that overly “enthusiastic” risk management can in fact reduce an organization’s ability to respond to disaster, and that more emphasis should be placed on “handling difficult situations” rather than managing. In accepting an element of truth in the counter-argument to anticipation, it is also true to say that these arguments rest very much at the periphery of the overall “risk envelope”. Hence, there is clear argument for a balanced approach, but very definitely with the emphasis on prevention rather than cure. 4.3. Short-term versus long-term thinking The need to forecast and think ahead in the long term is an important characteristic of the holistic model, relating to the doctrine of anticipationism. Developing the theme of preventive medicine, consideration has to be given to the time frame within which the “physician” works. Despite the best efforts of management theorists and business schools, the general outlook in business today, especially in the US, the UK and (to a lesser extent) much of the developed world, remains avowedly short-term (Calori and de Woot, 1994). This is a result of both economic (shareholders) and political pressures that generally force businesses to think only as far ahead as the next dividend payment or election. Consequently, little consideration is given to the long-term effects of their activities, which may only become apparent in 10 or 20 years time. Nor are catastrophic events that are likely to occur only once every 150 years considered. Whilst contentious, it is arguable that such myopia regarding latent failures may be indirectly transmitted to risk managers, who are caught up in a short-term spiral forced upon them by working within a market economy. In the market the emphasis falls on short-term gain, and this is the means by which performance is measured. The immediate impact of long-term effects is difficult to price, especially when the potential event might be 20-50 years ahead. Consequently, few risk managers may be interested in long-term negative effects. 4.4. The contribution of quantitative risk assessment (QRA) The use of numbers in predicting risks is well advanced. The problem with many risks is that all too frequently a human element is. involved. Time and again modelling human behaviour with numbers has been proven to be fraught with problems. Also, modelling risks is often based on historical data. Historical modelling is a valid and proven technique. However, it is too frequently used as a substitute for good management judgement. The holistic approach demands the use of “intelligent” quantificationism. This requires sensitivity and judgement in the use of what are usually assumption-laden calculations. The key point in favour of the application of numerical methods in risk assessment is that it provides a convenient tool for resource allocation. For example, much of government safety policy and regulation is based around the use of Quantitative Risk Assessment (QRA). The very technical sophistication of QRA also seems to offer a feeling of security, particularly where the assessment is automated and the final verdict delivered via a computer program.
Challenging
the orthodoxy in risk management
259
There are those within the pro-QRA camp who admit the need for careful consideration of other elements within the risk envelope. Indeed, consideration of human behaviour forms a part of several of the techniques used. Yet, it seems that they always come back to probability theory as a means of assessing the future. Grose (1990) identifies the shortcoming of using QRA. His principal argument is that the very complexity of human behaviour mitigates against a reductionist approach that frames natural phenomena as numbers (this reflects a broader philosophical stand-off in social science, generally wherein phenomenologists argue against the dominant positivist tradition). Simply the attempt to substitute numbers for the intricacies of real life will always lead to over-simplification. Also, the lack of applicable data will often force dishonest guessing, leading to assumption-laden decisions (Taft, 1995) that may lead decision-makers to inadvertently (or otherwise) substitute numbers for reasoned judgement. Hence, in simplifying risk through reducing it to the abstract, there is a danger that it may be unrealistically traded off against benefit by relying on numbers. 4.5. The role of the insurance industry Risk management has an overt tie to insurance. It seems that this strong relationship is endangering the relevance of risk management to the needs of modem society and business. It has been claimed that the lack of a coherent theoretical base for risk management is directly responsible for the inability of the risk management community to break the link with insurance. A number of authors have found that the insurance industry has restricted the development of risk management in its own right. Such is the hold of insurers, that very the term risk management is a euphemism for insurance management. Except for a few forward-looking companies, insurers have failed to fund research in risk-nor have they emphasized the need for risk control. Instead the industry has tended to rely far too heavily on predictions of actuaries. Growing population and economic development continue to increase the demand for energy, raw materials, new materials and new products. In turn, this pushes all industries, but particularly those in the energy and chemical sectors, to invest heavily in new technology and stretch the technological boundaries of their already high-risk businesses (although their productivity could perhaps improve). To look at history and expect from there to predict accurately the risk inherent in such ventures, whilst a valuable and proven technique, must be considered inherently “risky” in its own right (Taft, 1995; Smallman, 1994). In spite of this, many insurers continue to perpetuate the myth that they have solved many risk problems. In fact, what they have generally done is spread and share the risk rather than addressing the fundamental problem. Apparently, insurance management focuses far more on premium income than on risk exposure, to the point where they are seemingly not capable of calculating their total liability. If this is true, then perhaps a strategic review of their approach is overdue, one in which much attention should be placed on the development of information systems aimed at establishing risk exposure. This point is reinforced by recent events in both the corporate insurance market and particularly Lloyds, where the financial instability of these markets makes an effective case for reduced rather than conventional insurance. It is generally accepted that large insurers have also moved away from their original core business and now rely heavily on investment to support their weakened ability in the area of risk assessment. With these and other factors in mind, it may be the case that insurers have little to do with the future development of risk management practice.
C. Smallman
5. Risk management:
an essential discipline in an uncertain society
The environment that both business and wider society face today is markedly different from the past. There is little doubt that it will continue to change rapidly in the future. Such change not only induces problems for organizations by its very rate and scale, but also in terms of the uncertainty that it brings to bear. The signs are that many managers are having difficulty in keeping pace with these factors, and a recent survey placed concern about uncertainty and risk at the top of the agenda for many practising managers (Institute of Management, 1994). Hence, there is a very real need for establishing a singular and well-defined approach to risk management. Only in this way can we hope to reduce the existing and rising levels of risk faced by both business and society. More debate surrounds the role of risk management. It seems that there is only a weak relationship between risk management theory and practice. Also, there is perhaps too much emphasis on management and not enough on action in addressing harmful uncertainty. It is hardly surprising that reactive risk management is dominant at the present time; it is, apparently, more certain and easier to manage and cosr than the holistic approach. However, it is clear that the current orthodoxy is under attack, since it has been found wanting in any number of catastrophic events. A holistic approach is where the future of the discipline lies. What is needed, and quickly, is a coherent, well-specified methodology. The starting point for developing a practicable holistic approach lies in two research themes highlighted by the Royal Society (1992). The first advocates the use of cultural theory in examining, through methodical investigation, the strengths and weaknesses of different types of organizations in their approach to risk management. Little has been proven methodically as to the kinds of organizations that take or avoid risks, although much is known informally. Nor is it easily determined what kinds of risk organizations take, why and with what effects. By exploring risk-related behaviour of organizations in this manner we might better understand the reasons underlying the continuing balkanization of risk management practice. The second theme relates very strongly to the first. It concerns the lack of information with reference to cross-national and cross-organizational variations in risk management in the public and private sectors. It seems that there is a need for systematic work to compare the claims of those who advocate open risk management polices with those who prefer to place liability solely in the hands of their leaders. Work at the University of Nottingham (Ashby and Diacon, 1994) partially addresses these themes. It indicates that the current economic and financial paradigms have been found wanting and that research in the area of risk management might be better targeted at the development of organizational, political and contextual models. By combining these themes in a critical. assessment of variations in risk management practice with respect to organizational culture within UK industry 6mallman, 19951, a singular, broad approach will begin to emerge.
Acknowledgements The author gratefully acknowledges the chiefly Professor David Weir and Dr Roger also to: Professor Heather Hiipfl (Bolton Business School and Sedgewick (UK)) and
advice and comments of colleagues at Bradford, de la Mare of the Risk Management Unit; thanks Business School), Professor Brian Toft (Bolton Dr Bill Richardson (Sheffield Hallam University)
Challenging
the orthodoxy in risk management
261
for their comments and encouragement; the editors of this special edition, Dr Neville Stanton and Dr Ian Glendon for their invitation to publish and encouragement; the referees for their constructive criticism of an earlier draft; the librarians at the Chartered Insurance Institute and the Institute of Actuaries for their invaluable assistance; and the Statistical Department of the Association of British Insurers.
References Ansoff. HI., 1984. Implanting Strategic Management. Prentice Hall, Englewood Cliffs. Ashby, S.G. and Diacon, S.R., 1994. The value of corporate risk management: Empirical evidence from large UK companies, in: Changing Perceptions of Risk: The Implications for Management. Bolton Institute of Higher Education, Business School, Bolton. Association of British Insurers, 1992. Insurance Statistics 1988-92. Association of British Insurers, London. Athearn, J.L. and Pritchett, ST., 1989. Risk and Insurance, 6th edn. West Publishing Company, St Paul. Beck, U., 1991. The Risk Society. Sage, London. Bignell, V. and Fortune, J., 1984. Understanding Systems Failures. Manchester University Press, Manchester. Calori, R. and De Woot, P., 1994. A European Management Model: Beyond Diversity. Prentice-Hall International (UK) Limited, Hemel Hempstead. Cecchini. P., Catinat, M., Jacquemin, A. and Robinson, J., 1988. The European Challenge 1992: The Benefits of a Single Market. Wildwood House, Aldershot. Chartered Insurance Institute, 1991. Risk Management. The Chartered Insurance Institute, London. Cullen, the Hon. Lord, 1990. The Public Enquiry into the Piper Alpha Disaster. HMSO, London. Grose, V.L., 1990. Managing Risk: Systematic Loss Prevention for Executives, 2nd edn. Prentice-Hall Inc., Englewood Cliffs. Haimes, Y., 1991. Total risk management. Risk Analysis, 1l(2). Health and Safety Executive, 1992. A Guide to the Offshore Installations (Safety Case) Regulations 1992. HSE Books (previously published under the auspices of HMSO), Sudbury. HBpfl, H., 1994. Safety culture, corporate culture: Organisational transformation and the commitment to safety. Disaster Prevention and Management, 3(3): 49-58. Institute of Management, 1994. Management development to the millennium. The Cannon and Taylor working party reports. IM Research Report, Corby. Kloman, H.F., 1992. Rethinking risk management. The Geneva Papers on Risk and Insurance, 17: 299-3 13. Lapper, R., 1993a. Profits turn sour for insurance companies. Financial Times, London, 14 August. Lapper, R.. 1993b. When disasters lead to riches in Bermuda: The international reinsurance market. Financial Times, London, 15 September. Makridis, S. and Wheelwright, S.C., 1989. Forecasting Methods for Management, 5th edn. John Wiley and Sons, Chichester. Muth, M., 1993. Facing up to the losses. An analysis of the European insurance industry on the verge of a structural shake-up. The McKinsey Quarterly, 2: 73-92. Pcdler, M., Burgoyne, J. and Boydell, T., 1991. The Learning Company: A Strategy for Sustainable Development. McGraw-Hill, London. Reason, J., 1990. Human Error. Cambridge University Press, Cambridge. Richardson, B., 1994. Crisis management and management strategy - time to “loop the loop”? Disaster Prevention and Management, 3(3): 59-80. Royal Society, 1992. Risk: Analysis, Perception and Management. Report of a Royal Society Study Group. The Royal Society, London. Senge, P.M., 1990. The Fifth Discipline: The Art and Practice of the Learning Organisation. Currency Doubleday, New York. Shrivastava, P., Mitroff, I.I., Miller, D. and Miglani, A., 1988. Understanding industrial crises. Journal of Management Studies, 25: 283-303. Smallman, C., 1994. Offshore safety management systems: Current practice and a prescription for change. Disaster Prevention and Management, 3(3): 33-48. Smallman, C., 1995. Risk and organisational behaviour: Towards a theoretical framework. In L. Barton (Ed.) New Avenues in Risk and Crisis Management, Volume III. The Board of Regents, University of Nevada, Las Vegas.
262
C. Smallman
Smallman, C., de la Mare, R. and Weir, D.T.H., 1994. A need for fundamental change? Socio-technical risks assessment and the insurance industry, in: Changing Perceptions of Risk: The Implications for Management. Bolton htstitute of Higher Education Business School, Bohon. Swiss Re (UK). 1990. Natural Catastrophes and Major Losses 1970- 1989: Increasing Catastrophe Losses from Forces of Nature in the 1980s. Swiss Reinsurance Company (UK) Limited, London. Swiss Re (UK), 1992. Natural Catastrophes and Major Losses in 1991: Insured Damage Reaches New Record Level. Swiss Reinsurance Company (UK) Limited, London. Swiss Re (UK), 1993. Natural Catastrophes and Major Losses in 1992: Insured Damage Reaches New Record Level. Swiss Reinsurance Company (UK) Limited, London. Toft, B., 1995. Limits to the mathematical modelling of disasters. The Risk Society Conference, Liverpool Business School in collaboration with the Geneva Association, John Moores University, Liverpool. Toft, B. and Reynolds, S., 1994. Learning from Disasters: A Management Approach. Butterwotth-Heinema, Oxford. Tombs, S., 1995. Deregulation. The Risk Society Conference, Liverpool Business School in collaboration with the Geneva Association, John Moores University, Liverpool. Turner, B.A., 1978. Man-Made Disasters. Wykeham Publications, London. Wright; G. and Ayton, P. (Ed& 1987. Judgmental Forecasting. John Wiley and Sons, Chichester.