The Use of Insurance

Before moving on, I want to emphasise at this stage one key point made in the answer to the exercise on the “4Ts” approach. This is that traditional internal control systems are designed to reduce probability risk – in other words, the likelihood that an event will materialise in a given timeframe. Traditional controls should not be relied upon to reduce the impact of an event, if that event should ever in fact come about. The potential extent of an event's impact is, of course, of critical importance to any organisation. So, in order to reduce impact risk, it is vital that senior management understands the importance of contingency plans and risk transfer mechanisms. The most common use of contingency planning in business today is around the design, communication and testing of disaster recovery plans. This is a critical part of resiliency. Of equal importance to successful risk management is how effectively an organisation is able to utilise the most important risk transfer mechanism in business – insurance.

Insurance plays a very important part in the management of fraud risk too, especially fidelity insurance cover in the event of senior people acting dishonestly. As we have seen, the greatest risk to an organisation from fraud actually resides at the top of the organisation – from owners, directors, senior managers etc. These are the people who have the power within organisations to override controls and the ability to conceal fraud. So, ...

Get Managing Fraud Risk: A Practical Guide for Directors and Managers now with the O’Reilly learning platform.