Retention of risk

From CEOpedia | Management online
Retention of risk
See also

Retention of risk is one of the strategy for managing an identified risk. This treatment strategy involves assuming the potential losses associated with a given risk and making plans to cover the financial consequences of such losses. The retention options open to health care organisations include the current expensing of losses, using an unfunded loss reserve (an accounting entry denoting a potential liability to pay for a loss), using a funded loss reserve (a reserve backed by set-aside funds within the organization), borrowing funds to pay for losses, and providing insurance through an affiliated captive insurer. Another (less thought of) form of risk retention occurs when the risk of exposure to loss is unknown and has not been identified by the organisation if risk management professional, and therefore the opportunity to evaluate appropriate risk financing strategies is lost. Failure to identify a risk will result in unwitting risk retention unless insurance coverage is available under an existing policy. Risk retention is most appropriate for managing[1]:

  • risks that cannot be otherwise reduced, transferred, or avoided
  • risks for which the probability of loss is not great and for which the potential consequences are within the institution's ability to self-fund
  • losses that are quantifiable and predictable
  • small risks (such as missing dentures and eyeglasses) for which the purchase of cost-effective insurance coverage might not be feasible.

Risk retention means accepting the consequences. Retention can be active(e.g. by developing a contingency plan for execution should the risk event occur) or passive, e.g. by accepting lower a profit if some activities overrun[2].

Subcategories of retention of risk

Risk retention involves intentionally or unintentionally retaining the responsibility or burden for a specified risk. Risk retention is made up of two subcategories[3]:

  • risk retention with knowledge, which is often referred to as the self-insurance approach
  • risk retention without knowledge, which is caused by inadequate hazard identification and risk assessment.

Risk retention with knowledge

Risk retention with knowledge or self-insurance occurs where an organisation consciously accepts and retains a risk and deals with it by establishing an internal insurance fund. Usually such a decision will be taken only by large organizations, which may already have qualified insurance personnel capable of administering an insurance fund. Only those losses that are predictable through probabilistic calculations should be retained within an organisation. This approach can be used effectively by larger organisations-in particular where the company has a large portfolio of risks. It is important, however, for companies to avoid those situations where a single large risk could result in the company ending in bankruptcy. It is also important that a company does establish an insurance fund as part of the self-insurance approach, in order to cover potential liabilities, rather than just hoping that the liability situation will not arise or can be dealt with if and when it occurs[4].

Risk retention without knowledge

Unidentified hazards and risks can arise from simple sources, such as inappropriate equipment and computer systems, ineffective permits to work and customer care procedures, and inadequate employee competence and training. It is essential, therefore, to keep organisational risks constantly under review, ensuring that any omissions identified are investigated and rectified. The second way in which risks can be retained, without knowledge, within an organisation is through inadequate risk assessment. Although hazards may have been identified, the level of the residual risk associated with the hazards can be underestimated. This problem is often encountered where[5]:

  • employees without adequate experience of the hazards have carried out the risk assessment
  • risk assessors have received inadequate training
  • risk assessment and risk evaluation standards have not been defined within the company.


  1. American Society for Healthcare Risk Management (Ashrm) 2009, page 19
  2. Albert Hamilton 2010, page 482
  3. Colin Fuller, Luise H. Vassie 2004, page 40
  4. Colin Fuller, Luise H. Vassie 2004, page 40
  5. Colin Fuller, Luise H. Vassie 2004, page 40


Author: Dominika Grzyb