Since September 11, risk managers have focused on man-made risk. However, Ron Hamburger explains the greater danger of natural catastrophes, particularly earthquakes, and how their risk should be assessed and handled.
Since September 11, 2001, the public's perception of risk and the primary sources of risk have changed dramatically. Today, everyone is concerned about terror-related risk, whether it comes in the form of explosive devices or biohazards. The attacks on New York and Washington were indeed terrible and a great tragedy made even worse by the fact that rather than being the result of some natural disaster, they were ruthlessly planned and executed by man.
However, in comparison with the losses frequently associated with natural disasters, such as hurricanes and earthquakes, the life and economic loss associated with these attacks were not unequaled. The economic losses from the Northridge and Kobe earthquakes each exceeded the economic losses associated with the World Trade Center disaster. Even the life losses due to the September 11 attacks have been greatly exceeded by many natural disasters, including each of the 1985 Mexico City, 1988 Armenia, and 1999 Izmit earthquakes.
The events of September 11 were horrible and were made even more so by the fact that we could all watch the events unfold before our eyes over and over again. However, risk managers would be prudent not to be distracted by their response to this new perceived risk of potential terror attack, to the exclusion of consideration of all other risks.
One of the major consequences of September 11 on most businesses is the effect on the availability and cost of catastrophic insurance. The insurance market has tightened considerably and facility coverage for earthquake and other catastrophic losses is either unavailable in sufficient quantity for high value risks or is too expensive to procure. Thus, this is an appropriate time to review alternatives to risk transfer as a means of managing potential earthquake and other catastrophic risk.
There are five basic steps to any intelligently defined risk management program, regardless of the peril addressed. These include (1) understanding the current level of risk exposure; (2) assessing the acceptability of this risk, (3) evaluating alternative risk mitigation approaches; (4) selecting an appropriate approach; and (5) implementing the approach.
Step 1—The Risk Audit: Understanding the Risk
It is impossible to make informed choices with regard to managing the risk associated with any hazard unless the risk is first understood. Simply stated, risk is the product of the probability that an event of a given severity will be experienced and the likely consequences of that event should it occur.
Risk may be expressed in several ways including (1) the probability that losses due to a given peril will be exceed a specified amount in a given period of time; (2) the average annualized loss considering all events that could occur; and (3) the maximum loss that could occur, given that a specific level of peril is experienced. Losses can be expressed in several forms, including loss of life and economic loss. The best way to express these various losses depends on the decision model that the risk manager prefers to use in deciding between alternative mitigation approaches.
For earthquake risk, two measures of risk are probably most appropriate. The first of these is the scenario-based estimate. In this approach, a specific earthquake is assumed to occur, and the potential losses from this event are estimated. For this approach to be meaningful, the event selected must both be realistic and reasonably likely to occur. In the case of earthquakes, this approach is most commonly used in regions close to known active faults where it is assured that events of a given size will occur, the only question is when it will actually happen. The second approach is more commonly used in areas where a specific scenario event is difficult to define.
Although it was once more guesswork than science, estimation of earthquake risk today is straightforward and economical to perform. In fact, sufficient guidelines have been published on this method to permit many organizations with in-house engineering capability to perform this task themselves. The hazard, that is the likely recurrence of events of different intensities, has been studied by numerous government agencies. In the United States for example, the U.S. Geologic Survey operates a website that allows users to determine the risk of given intensities of ground shaking at any site in the United States simply by entering a postal code or geographic coordinates.
The vulnerability of different classes of facilities is also well understood, and several publications, such as FEMA-154, are available to assist in determining the likely levels of damage, given that certain hazards occur. For those risk managers without access to in-house facilities engineering capability, many engineering consulting firms offer risk audit services at a reasonable cost.
Step 2—Assessing the Acceptability of the Risk
This step is perhaps the most important. Once the risk is known, the risk manager must determine whether it is acceptable. However, the perception of risk acceptability is often quite subjective. What is acceptable to one organization or manager may be totally unacceptable to another.
Most agree that significant probability of loss of life is unacceptable. Once the risk of loss of life is reduced to suitably low thresholds, the acceptability of risk remains largely an economic issue. Some managers will weigh the probable cost of mitigating a risk against the economic loss associated with the risk itself. If the mitigation cost is below the benefit received in reduced loss exposure, than some mitigation makes sense. Other managers will determine to mitigate based on a consideration of risk of ruin. That is, as long as potential loss is not complete, with the enterprise going out of business, the risk is judged acceptable as the enterprise is deemed capable of recovery.
Step 3—Evaluating Alternatives
The risk manager can select from a wide range of alternatives to mitigate earthquake risk. These include transferring the risk to others through acquisition of insurance, hardening facilities so that the probable loss given an event is reduced, diversifying the portfolio of holdings so that only a small percentage of an organization's assets is simultaneously at risk, and emergency response planning, so that the losses that actually occur in an event are minimized. Most risk managers will want to select from several of these.
In addition to determining the specifics of these feasible options, it is also necessary to determine their probable costs and other impacts. Most of these mitigation approaches can be explored using the manager's own resources. However, to determine the feasible options for hardening facilities and the cost of hardening, assistance from a structural engineering consultant will typically be required.
Step 4—Selecting an Appropriate Alternative
There is no single preferred risk mitigation alternative for all organizations. The best choice depends on the individual organization's status, its risk, its tolerance for risk, and the costs associated with the various approaches. Increasingly, risk-transfer, through purchase of insurance is becoming an undesirable choice, due to the lack of cover available on the market and its high cost. Many risk managers, therefore will want to look to alternative mitigation measures.
Step 5—Implementing the Measures
No matter how good the plan, unless the mitigation measures are actually implemented, there is no benefit. Implementation does not have to be immediate. The chance that an earthquake will actually occur at any specific facility in a period of a few years is low. However, it is also real. The best approach to implementing mitigation alternatives is to coordinate them with other management programs, including facility modernization, plant expansion, and product diversification. There is time to act, but this time is not infinite. The time to begin to act is now.
Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.