101 Rules of RISK

Note well...

Note well that these are 101 Rules of Risk Management, not THE 101 Rules. They were pulled together by the late Tom Hallet when he was with the late Frank B. Hall and Company. Our thanks to Tom and the group of pioneer Risk Managers who collaborated in this effort.
Jim Gunther


1. An organization’s risk management program must be tailored to its overall objectives and should change when those objectives change.

2. If you are in a “safe” business (relatively immune from depression bankruptcy, or shifts in product markets), your risk management program can be more “risky” and less costly.

3. Don’t risk more than you can afford to lose.

4. Don’t risk a lot for a little.

5. Consider the odds of an occurrence.

6. Have clearly defined objectives that are consistent with corporate objectives.

7. The Risk Management Department as a user of services should award business on the basis of ability to perform.

8. For any significant loss exposure, neither loss control nor loss financing alone is enough; control and financing must be combined right proportion.


Risk Identification and Measurement

9. Review financial statements to help identify and measure risks.

10. Use flow charts to identify sole source suppliers or other contingent business interruption exposures.

11. To more fully identify and assess risks, you must visit the plants and relate to operational people.

12. A reliable database is essential to estimate probability and severity.

13. Accurate and timely risk information reduces risk, in and of itself.

14. The risk manager should be involved in the purchase or design of any new operation to assure that there are no built-in risk management problems.

15. Be certain environmental risks are evaluated in mergers, acquisitions and joint ventures.

16. Select hazardous waste contractors on their risk control measures and their financial stability or insurance protection.

17. Look for incidental involvement in critical risk areas (i.e., aircraft and nuclear products, medical malpractice, engineering design, etc.). RISK CONTROL

18. Risk Control works. It is cost effective and helps control local operating costs.

19. The first (and incontrovertible) reason for risk control is preservation of life.

20. A Property Conservation program should be designed to protect corporate assets – NOT the underwriter.

21. Be mindful that key plants and sole source suppliers may need protection above and beyond normal H.P.R. requirements.

22. Use the risk control services of your broker and carrier as an extension of your corporate program. Don’t let them go off on a tangent.

23. Quality control should NOT be a substitute for a full product liability control program. Quality control only assures the product is made according to specifications, whether good or bad.

24. Most of the safety-related “standards” of governmental agencies should be considered as minimum requirements.

25. Duplicate and separately store valuable papers and back-up data processing media.

26. Avoid travel by multiple executives in a single aircraft.


Risk Financing

27. Risk Management should focus on two separate zones of risk relative to the maximum dollar loss the company can survive from a single occurrence:
a) below this level-optimize the use of insurance relative to current cost.

b) above this level-transfer risk (usually insurance) to maximum extent possible-cost effectiveness is not a criterion in this zone; SURVIVAL is.

28. An entity with an unlimited budget can benefit from adopting all risk management measures that have benefits to the entity with an expected present value greater than the expected present value of cost of those measures to that entity.

29. When, for budgetary or practical reasons, an entity must chose between mutually exclusive risk management measures, the entity should chose that measure which offers it the greater excess of benefits over costs, when both benefits and costs are expressed as expected present values.

30. Competitive bidding which causes market disruption should be avoided.

31. Never depend solely on someone else’s insurance.

32. Retrospective rating plans of more than one year hamper flexibility.

33. A tax advantage should be considered a “PLUS”-not a principal reason for a risk financing decision.

34. Risk taking presents an opportunity for economic gain.


Claims Management

35. The risk manager should be notified immediately (within 24 hours) of any major loss or potential loss.

36. Major liability claims should be reviewed for adequacy of investigation and accuracy of the reserve.

37. Be careful of local plant involvement in property and liability claims. Local personnel may be too defensive to properly review a major claim.

38. Request early advance payments on large Property and Business Interruption losses.

39. Secure several estimates or an appraisal of self-insured vehicle physical damage losses.

40. Aggressive claims subrogation (insured and self-insured) reduces costs.

41. A claim and disability management program directed toward getting the employee back to work as soon as possible can save money even though the employee cannot do all phases of the job.

42. Periodically audit claims reserves of insurers and T.P.A.’s.

43. The best claim is a closed claim.


Employee Benefits

44. The provisions and costs of Employee Benefit programs should be clearly and frequently communicated to employees.

45. When installing a new benefit plan, it is harder to reduce benefits than to improve them later on.

46. A poor employee benefit program can generate more employee relations problems than no plan at all.

47. Employee contributions, even small ones, can help you assess the real popularity of a benefit plan.

48. Know the benefit plans of the companies with whom you compete for labor.

49. Benefit consultants and brokers are not efficient replacements for in-house staff functions.

50. Collective bargaining of employee benefits should involve corporate benefit professionals.

51. Legislation and regulation are intensifying in the employee benefit field. Make your company’s opinions known to the government BEFORE legislation in enacted.



52. The ultimate cost of any pension plan is equal to the benefits paid, plus the cost of administration, less any investment earnings of the fund.

53. For the most part, different actuarial methods and/or assumptions may alter the incidence of cost, but seldom alter the ultimate level of cost.

54. Clearly identify your corporate objectives with respect to your Retirement program. Recognize that Retirement plans are long-term obligations that will span many political, economic, and social environments.

55. Recognize that retirement plans are long-term obligations that will span many political, economic and social environments.

56. Identify the nature and extent of pension liability prior to any acquisition or divestiture.

57. Establish formal investment objectives with respect to your pension funds that define risk, diversification, and absolute performance parameters.

58. Monitor the performance of your pension fund in the context of your investment objectives.

59. Identify and monitor your corporate exposure as a result of participation in any industry-wide Multi-Employer Pension Plans.



60. Multinational organizations should step up to their international risk management responsibilities. 

61. Establish a worldwide risk and insurance management program; don’t rely totally on a Difference in Conditions approach.

62. A combination of admitted and non-admitted insurance usually provides the best overall international program.

63. Avoid the use of long-term insurance policies overseas.

64. Be sensitive to and don’t underestimate nationalism when implementing a worldwide risk management program.

65. Don’t ignore local objections to worldwide programs.



66. Establish a level of authority via a management policy statement. 

67. Prepare and universally distribute a Corporate Risk Management Manual.

68. Set up realistic annual objectives with your brokers, underwriters and vendors and measure their accomplishments and results.

69. Verify the accuracy of all relevant information you receive.

70. Read every insurance policy carefully.

71. Keep program design simple.

72. Consolidate-where it makes sense to do so.

73. Develop record retention procedures.

74. Keep inter-company premium allocations confidential.

75. Establish administrative procedures in writing.



76. Insurance policy provisions should be uniform as to named insured, notice and cancellation clauses, territory, etc. 77. The “notice” provision in all insurance policies should be modified to mean notice to a specific individual.

78. Primary policies with annual aggregates should have policy periods that coincide with excess policies.

79. Joint loss agreements should be obtained from Fire and Boiler & Machinery insurers.

80. Add “drive other car” protection to your corporate auto insurance.

81. Eliminate coinsurance clauses.

82. Know the implications of and differences between “claims made” and “pay on behalf of” liability contracts.

83. Risks accepted under contracts are not necessarily covered under contractual liability contracts.

84. Add employees as insureds to liability contracts. Use discretionary language to avoid defending hostile persons.



85. All communication providing or requesting information should be expressed in clear, objective language, leaving no room for individual interpretation.

86. All communications and relationships should be conducted with due consideration to proprietary information.

87. Communicate effectively up and down and avoid management surprises.

88. Don’t TELL senior management anything-ask them, counsel them, and inform them.

89. Communicate in business language; avoid insurance jargon.

90. Obtain letters of intent or interpretations regarding agreements (coverage or administrative) which are outside of and/or in addition to actual insurance or service contracts. Never rely on verbal agreements.

91. The immediate supervisor to the risk management function should be educated in the principles of risk management.

92. Communicate every insurance exclusion and non-insurance implication to your management.

93. In competitive bidding situations, advise each competitor that the first bid is the only bid and stick to it.

94. Risk Managers should meet with underwriters rather than relying totally on others for market communications.



95. The Risk Manager (and his corporation) should avoid developing the reputation of a “shopper” or “market burner”. This reputation can be detrimental to the corporation’s best interests and the Risk Manager’s credibility.

96. Determine your personal level of risk aversion and temper intuitive judgments up or down accordingly.

97. Program design will always be a function of CURRENT practicalities tempered by management’s level of risk aversion.

98. Everyone is in business to make a fair profit.

99. Long term, good faith relationships are not obsolete.

100. Integrity is not out of style.

101. Common sense is still the single most important ingredient in risk management!


Public domain...

To the best of my knowledge this material is in the public domain and, as such, may be freely distributed. As I went to a fair amount of effort to transcribe and format this material, I would appreciate an acknowledgment should you post it on your Web site. I can be contacted at  [email protected].
Jim Gunther, Principal
Harvard Aimes Group

An Invitation to Keep in Touch!

Harvard Aimes Group

6 Holcomb Street
West Haven, CT 06516

TEL: (203) 933-1976
 [email protected]

©1999, 2020 Harvard Aimes Group, All Rights Reserved