Key Takeaways
- The risk management process follows five steps: identify, evaluate, select technique, implement, and monitor
- The STARR method provides five risk management techniques: Share, Transfer, Avoidance, Reduction, and Retention
- High-severity, low-frequency risks are best managed through insurance (risk transfer)
- High-severity, high-frequency risks should be avoided entirely
- Low-severity risks can often be retained (self-insured) to save on premium costs
- Risk management is continuous—plans must be monitored and updated as circumstances change
Risk Management Process
Effective risk management follows a systematic process that helps financial planners and their clients identify, evaluate, and address potential risks. The CFP exam tests your understanding of this process and your ability to recommend appropriate risk management strategies based on the characteristics of different risks.
The Five-Step Risk Management Process
The risk management process consists of five interconnected steps. Each step builds on the previous one, creating a comprehensive approach to protecting clients from financial loss.
Step 1: Identify Risks and Exposures
The first step involves identifying all potential risks that could cause financial harm to the client. This requires a thorough analysis of the client's personal and financial situation.
Categories of personal risk exposures:
| Risk Category | Examples | Potential Impact |
|---|---|---|
| Personal/Health | Death, disability, critical illness, long-term care needs | Loss of income, medical expenses, care costs |
| Property | Home damage, auto accidents, theft, natural disasters | Repair/replacement costs, loss of assets |
| Liability | Negligence claims, professional errors, auto accidents | Legal costs, judgments, asset depletion |
| Income | Job loss, business failure, economic downturns | Reduced cash flow, inability to meet obligations |
Key questions for risk identification:
- What assets does the client own that could be damaged or destroyed?
- What income sources could be interrupted?
- Who depends on the client financially?
- What activities create liability exposure?
- What contractual obligations create risk?
Step 2: Evaluate Risk Severity and Frequency
After identifying risks, the next step is to evaluate each risk based on two critical factors:
Frequency (Probability): How likely is the risk to occur?
- High frequency: Likely to happen regularly
- Low frequency: Unlikely to occur or happens rarely
Severity (Impact): How significant is the potential financial loss?
- High severity: Could cause significant financial hardship or ruin
- Low severity: Would cause minor inconvenience or manageable expense
This analysis creates a risk matrix that guides the selection of appropriate risk management techniques:
| High Frequency | Low Frequency | |
|---|---|---|
| High Severity | AVOID | TRANSFER (Insurance) |
| Low Severity | REDUCE/RETAIN | RETAIN |
Exam Tip: The Risk Matrix
This frequency-severity matrix is heavily tested on the CFP exam. Memorize it! When presented with a risk scenario, first classify the risk by frequency and severity, then select the appropriate technique from the matrix.
Examples by quadrant:
- High Severity/High Frequency: Operating a business with known safety hazards -> AVOID
- High Severity/Low Frequency: Death of the primary wage earner -> INSURANCE
- Low Severity/High Frequency: Minor car scratches and dings -> RETENTION/REDUCTION
- Low Severity/Low Frequency: Losing a $20 bill -> RETENTION
Step 3: Select Risk Management Technique
Based on the frequency and severity evaluation, select the most appropriate risk management technique. The STARR method provides a framework for this decision.
The STARR Method
STARR is an acronym representing five risk management techniques. Each technique is appropriate for different types of risks based on their frequency and severity characteristics.
S - Share
Risk sharing means dividing the financial burden of a potential loss between the individual and another party (typically an insurance company).
How it works:
- The client purchases insurance but retains a portion of the risk through deductibles and coinsurance
- Higher deductibles mean more risk sharing by the client
- Lower premiums result from the client assuming more risk
Example: A client needs $500,000 of liability protection. They purchase a policy with a $5,000 deductible, sharing the first $5,000 of any loss with the insurer.
When to use: Appropriate for moderate-severity risks where the client can afford to absorb smaller losses to reduce premium costs.
T - Transfer
Risk transfer shifts the entire financial burden of a potential loss to another party, typically through insurance.
How it works:
- Client pays premiums to an insurance company
- Insurance company assumes responsibility for covered losses
- Most comprehensive form of protection
Example: A client purchases a $1 million umbrella liability policy. If a lawsuit results in a $750,000 judgment, the insurance company pays the entire amount (above underlying coverage limits).
When to use: Best for high-severity, low-frequency risks where a loss could be financially catastrophic. This is the primary purpose of insurance.
Types of risk transfer:
| Method | Description | Example |
|---|---|---|
| Insurance | Contractual transfer to insurer | Life, health, property, liability policies |
| Hold-harmless agreements | Contractual shift to another party | Construction contracts, rental agreements |
| Hedging | Financial instruments to offset risk | Futures, options (for speculative risks) |
A - Avoidance
Risk avoidance eliminates the risk entirely by not engaging in the activity that creates the exposure.
How it works:
- The client chooses not to participate in risky activities
- Eliminates both the risk and the potential benefits of the activity
Examples:
- Not owning a swimming pool to avoid drowning liability
- Not driving to avoid auto accidents
- Not investing in volatile securities to avoid market losses
When to use: Best for high-severity, high-frequency risks where the potential loss is too great and too likely. Also appropriate when the cost of insurance is prohibitive or coverage is unavailable.
Limitations: Avoidance may not be practical for many risks (you cannot avoid the risk of death), and avoiding all risk means missing opportunities.
R - Reduction
Risk reduction (also called loss control) involves taking steps to decrease either the frequency or the severity of potential losses.
How it works:
- Loss prevention: Reduces the likelihood of a loss occurring
- Loss minimization: Reduces the severity if a loss does occur
Examples:
| Type | Action | Effect |
|---|---|---|
| Loss Prevention | Installing smoke detectors | Reduces fire frequency |
| Loss Prevention | Regular exercise and health screenings | Reduces illness frequency |
| Loss Prevention | Defensive driving courses | Reduces accident frequency |
| Loss Minimization | Installing sprinkler systems | Reduces fire damage severity |
| Loss Minimization | Wearing seatbelts | Reduces injury severity |
| Loss Minimization | Emergency savings fund | Reduces financial impact |
When to use: Appropriate for risks that cannot be avoided or fully transferred. Risk reduction often works alongside other techniques—for example, reducing risk to qualify for lower insurance premiums.
R - Retention
Risk retention (also called self-insurance) means the client accepts responsibility for the financial consequences of a potential loss.
How it works:
- Client does not purchase insurance for the risk
- Client pays for losses out of pocket when they occur
- May be intentional (deliberate choice) or unintentional (failure to identify risk)
Examples:
- Choosing a high deductible on insurance policies
- Not purchasing collision coverage on an old car
- Self-insuring for small health expenses through an HSA
- Setting aside emergency funds for unexpected expenses
When to use: Best for low-severity risks where the potential loss is manageable and the cost of insurance would exceed the expected loss over time.
Requirements for successful retention:
- Sufficient emergency funds or cash reserves
- Multiple small risks (similar to how insurers spread risk)
- Clear understanding of maximum potential loss
STARR Method Summary Table
| Technique | Definition | Best For | Example |
|---|---|---|---|
| Share | Divide risk with insurer | Moderate risks; cost management | High-deductible health plan |
| Transfer | Shift entire risk to insurer | High severity, low frequency | Life insurance, umbrella policy |
| Avoidance | Eliminate the risk entirely | High severity, high frequency | Not owning dangerous property |
| Reduction | Decrease frequency or severity | All risks; works with other techniques | Smoke detectors, healthy lifestyle |
| Retention | Accept and self-insure | Low severity risks | Emergency fund, high deductibles |
Step 4: Implement the Risk Management Plan
After selecting appropriate techniques, the plan must be implemented. This involves:
For insurance-based solutions:
- Selecting appropriate policy types and coverage limits
- Choosing appropriate deductibles and coinsurance levels
- Comparing policies and insurers
- Completing applications and underwriting
- Paying premiums and maintaining coverage
For non-insurance solutions:
- Establishing emergency funds
- Implementing loss prevention measures
- Drafting legal agreements (for contractual transfer)
- Modifying behavior (for avoidance)
Implementation considerations:
- Coordinate coverage to avoid gaps and overlaps
- Balance premium costs against protection needs
- Ensure client understands policy provisions and exclusions
- Maintain proper documentation
Step 5: Monitor and Review
Risk management is not a one-time event. The final step involves ongoing monitoring and periodic review to ensure the plan remains appropriate.
When to review:
- Major life events (marriage, divorce, birth of children)
- Changes in income or assets
- Purchase of significant property
- New business ventures or career changes
- Policy renewals
- Changes in laws or regulations
What to review:
- Coverage adequacy—do limits still match exposure?
- Premium competitiveness—are rates still reasonable?
- Policy provisions—do terms still meet needs?
- New risks—have any new exposures emerged?
- Eliminated risks—are any coverages no longer needed?
| Review Trigger | Action Items |
|---|---|
| Annual review | Compare coverage to current needs, check for better rates |
| Life event | Adjust beneficiaries, coverage amounts, new policies |
| Asset acquisition | Add coverage, update limits, review liability exposure |
| Claim experience | Evaluate if risk reduction measures are needed |
Practical Application: Risk Management Matrix
When evaluating a client's risks, use this decision matrix to select the appropriate STARR technique:
| Risk Characteristic | Recommended Technique | Rationale |
|---|---|---|
| High severity + Low frequency | Transfer (Insurance) | Financial impact too great to self-insure; infrequent enough to be affordable |
| High severity + High frequency | Avoid | Too expensive to insure; too dangerous to accept |
| Low severity + High frequency | Reduce or Retain | Manage through prevention and self-insurance |
| Low severity + Low frequency | Retain | Not cost-effective to insure; manageable if occurs |
Exam Tip: Application Questions
The CFP exam presents scenarios requiring you to recommend the best risk management technique. Follow this process:
- Classify the risk (pure vs. speculative)
- Assess frequency (how likely?)
- Assess severity (how bad?)
- Match to the appropriate STARR technique using the matrix
- Consider the client's financial resources and risk tolerance
Example scenario: A 16-year-old's parent buys her a 1970 VW Bug worth $1,000. What is the best way to manage the risk of collision damage?
Analysis: This is a pure risk (only loss or no loss possible). The frequency of minor accidents for teenage drivers is relatively high. The severity is low ($1,000 maximum loss). Using the matrix: Low severity + potentially high frequency = Retention. The parent should retain this risk rather than pay collision premiums that might exceed the car's value.
Key Terms Summary
| Term | Definition |
|---|---|
| Risk Identification | Process of discovering potential sources of financial loss |
| Risk Evaluation | Assessing the frequency and severity of identified risks |
| Frequency | How likely a risk is to occur (probability) |
| Severity | The financial impact if a risk occurs (magnitude) |
| Risk Transfer | Shifting financial responsibility to another party |
| Risk Avoidance | Eliminating exposure by not engaging in risky activity |
| Risk Reduction | Decreasing the likelihood or impact of losses |
| Risk Retention | Accepting and self-insuring potential losses |
| Loss Prevention | Actions that reduce the probability of loss |
| Loss Minimization | Actions that reduce the severity of loss |
A client owns a $2,000 used car and is considering whether to purchase collision coverage with a $500 deductible and annual premium of $400. Using risk management principles, which approach is most appropriate?
According to the risk management matrix, which type of risk is BEST managed through insurance?
Which of the following is an example of loss reduction (as opposed to loss prevention)?