Over the past few decades we have seen a steady movement towards a more managerial response to these forms of risk. What has emerged is the discipline of risk management. We could define risk management as "the identification, analysis and economic control of those risks which can threaten the assets or earning capacity of an enterprise."
　　This definition is valuable because it highlights the structured approach which is called for if risks to the business environment are to be managed.
　　The three-fold nature of risk management is highlighted in the definition. Risks must be identified before they can be measured, and only after their impact has been evaluated can we decide on the most effective method of control.
　　However we decide to control risk, it must be "economic." There is no point in spending ten pounds to control a risk which can only ever cost five pounds. There will always be a point where spending on risk control has stop.
　　The definition mentions the assets and earning capacity of an organization. These assets can be physical or human; they are both important and risk management must be seen to have a part to play in both. However, risks do not only strike at assets directly and for this reason the definition also mentions the earning capacity of an enterprise.
　　Note that the definition uses the word "enterprise" rather than a more restrictive word such as "company" or "manufacturer". The principles of risk management are just as applicable in the service sectors¹ as they are in the manufacturing sectors, and are of equal importance in the public and private sectors of the economy.
　　When considering risk identification we must remember to take the broad view. We are not solely² concerned with what can be insured, or even with what can be controlled. We start from the very basic question, "How can the assets or earning capacity of the enterprise be threatened?" Starting from this position does not place any constraint³ on us as to what kind of risks we are looking for. We must begin the task in an unblinking manner and identify the whole host of ways in which an organization may be impeded⁴ from achieving its objectives.
　　We could say that there are at least two essentials if risk identification is to be effective.
　　Firstly, risk identification must be importantly recognized within an enterprise. When this is case, it is often marked down as a task within the job descriptions of a particular manager.
　　Secondly⁵, the person responsible for risk identification must be armed with the relevant "tools of the trade" and must make use of them.
　　Once it has been identified that there is a risk, steps have to be taken to measure the potential impact of that risk on the organization. In a practical sense the measurement of risk starts with the gathering⁶ of information, followed by tile analysis of past experience, and then moves on to see what the data tells us about the level of frequency and severity of the risk to which an organization is exposed.
　　We can split the whole area of risk control into physical and financial control.
Physical risk control
　　We are concerned here with physical steps which can be taken in order to control risk. The first step must be to reduce the level of the risk as far as possible. This means both the chance that something will happen and the severity of the incident, should it occur. There are at least two ways in which we could understand risk reduction.
Pre-loss risk reduction
　　It is possible to take steps before any event has occurred to minimize risk. The essence of pre-loss reduction of risk is that the effects of the loss are anticipated and steps are taken to ensure that they are kept to a minimum.
　　Wearing a car seatbelt is a good, personal example. There has been no loss, but the possible effect of a loss has been anticipated and the pre-loss risk reduction step of wearing a belt has been taken.
　　The use of safety guards on machinery⁷, is an industrial equivalent. There has been no injury, but steps have been taken to reduce the risk of injury.
Post-loss risk control
　　This form of risk control imagines that the risk has occurred and takes steps to minimize the effect of the loss. The use of automatic fire sprinkler systems fits into this category. Once the fire has started, the sprinklers operate to reduce the impact of the fire.
Financial risk control
　　We now turn our attention to financial mechanisms⁹ which can be used to control risk. These can be divided into two categories.
Risk retention¹⁰
　　Once the risk has been identified and controlled in some physical way, it will be necessary to consider how the effects are to be financed, should the worst happen.
　　In certain situations, it may be wise to retain the risk rather than to seek another form of protection, such as insurance. We have already mentioned the problems associated with insuring high frequency, low severity events and they certainly fall into the self-retention category. The cost of these events could be paid for out of current income and passed on to the customer via the price of the product (or service) , which is offered by the organization. Alternatively a fund could be established, out of which the losses are to be paid.
Risk transfer
　　Insurance is a risk transfer mechanism⁸ by which an organization can exchange its uncertainty¹¹ for certainty. The uncertainty experienced would include whether a loss will occur, when it will take place, how severe it will be and how frequent there might be in a year. This uncertainty makes it very difficult to budget and so the organization seeks ways of controlling the financial effect of the risk. Insurance offers the opportunity to exchange this uncertain loss for a certain loss: the insurance premium¹². The organization agrees to pay a fixed¹³ premium, in return, the insurance company agrees to meet any losses which fall within the terms of the policy. This is a risk transfer mechanism which is of immense value not only to industry, but also to individuals.  　　在过去的几十年我们已经看到对于这些风险的管理方法越来越趋于稳定。出现了风险管理的原则。我们可以把风险管理定义为“对那些会威胁企业资产和收入能力的风险进行识别、分析和经济控制”。
　　这个定义十分有用，因为它强调，如果商业环境出现风险而必须进行管理时，要用系统的方法来管理。
　　定义中已经强调了风险管理的三方面。风险在估计前必须先识别，只有估计出它们的影响后，我们才能决定出控制它们的最有效的方法。
　　不管我们决定怎样控制风险，都必须是“经济”的。花费10英磅去控制只需花费5英磅的风险是没有意义的，停止控制风险才有意义。
　　定义涉及一个组织机构的资产和收人能力。这些资产可以是物质的也可以是人力的，两者都很重要。而且必须看到，风险管理对这两者都起作用。然而风险不只是直接影响资产，为此定义中也涉及了企业的收人能力。
　　要注意定义中用的词是“企业”而不是用其他的像“公司”或“制造商”这样限制性的词。风险管理的原则在服务部门的应用跟在制造部门的应用是一样的，并且在社会公共领域和私人领域中同等重要。
　　就风险识别而言，我们必须记得要从宏观上来看。我们不仅只是关心什么能被保，或者什么能被控制。我们从最基本的问题开始，“企业的资产和收入能力怎样受到威胁?”从这点出发丝毫不会限制我们要寻找什么样的风险。我们必须毫不隐瞒地开始这项任务，积极识别妨碍一个企业达到其目标的所有方面。
　　我们可以说，要有效进行风险识别至少有两个要点。
　　第一，必须认识到风险的识别在企业内部是很重要的。这时，这一点经常被纳入某个经理的工作范畴。
　　第二，负责风险识别的人员必须配备有关的“技术工具”，并且必须利用这些工具。
　　一旦识别有风险，就要采取措施估计风险对企业的潜在影响。风险估计的实际做法是首先要收集信息，然后分析以往经验，再通过数据掌握一个企业所暴露出来的风险频率和(或)幅度。
　　我们可以把整个风险领域划分为物质上的风险控制和财务上的风险控制。
物质上的风险控制
　　这里我们关心的是可以采取什么样的物质措施控制风险。第一步必须是尽可能地减轻风险的程度。一旦事件发生，就意味着事情发生的可能性以及事情的严重程度。我们可以看到至少有两种方法可以减少风险。
防损
　　在事件发生前采取措施把风险降到最低是可能的。防损就是预测损失并采取措施以保证风险保持在最低。
　　对此，开车系安全带就是一个很好的个人的例子。这就是进行了风险预测，然后采取了系安全带的防灾举措。预测了可能发生的损失，系上安全带就是采取了损失控制措施。
　　机器上运用安全防御措施也是一样。没有发生伤亡，但还是会采取措施减少伤亡危险。
减损
　　这种风险控制则是想象风险已经发生，然后要采取措施把损失造成的影响降到最低。火灾自动洒水系统的运用就属于这种风险控制。—旦火灾开始，洒水系统就会启动以减少火灾造成的影响。
财务上的风险控制
　　我们现在要注意看的是控制风险的财务方法。它可以分为两类。
风险自留
　　一旦风险被确认并且用某种自然方法进行了控制，就有必要考虑如果发生最糟的情形将要怎样用金钱计算出其产生的影响。
　　在某些情况下，保留风险而不去寻求另一种保护，例如保险，是明智的。我们已经提到过一些跟高频率低幅度的事件有关的风险，它们肯定归入自我保留一类。这些事件的费用可以从现有收入中扣除，并且以企业提供的产品(或服务)的价钱传递给消费者。或者可以建立一笔基金，从中支出损失。
风险转移
　　保险是一种风险转移过程。通过它，一个企业可以把它的不确定性转换成确定性。常有的不确定性包括：损失是否会发生，什么时候会发生，会有多严重，一个时期内会发生多少次。这种不确定性使得预算变得非常困难，所以企业找寻控制财务支出的方法以及把不确定损失转换成确定损失的机会，即保险保费。企业同意支付一定数额的保费，反过来，保险公司同意承担保单条款范围内的任何损失。这是一个风险转移过程，不只是对某行业而且对个人都很有利。

上一篇：TopicTheWorldExpo关注世博会 下一篇：TheClassificationofRisk风险的分类