Revisit Risk Response Plans in Light of Emerging Threats


There’s a lot going on in the world and the risks are changing and evolving rapidly, making it difficult for many companies to adjust and manage the risks they face effectively.

Some risks that barely registered a decade ago now pose serious challenges to many businesses. There are novel technological risks with new threats constantly arising in the cyber world, economic and market volatility, terrorism, regulatory and legal challenges, supply chain vulnerability and political uncertainty.

These risks can all be real for any business, and it’s important that you and your manager sit down and try to identify the potential threats that could affect your operation, assess their likelihood and determine how your organization can reduce the effects of these events.

By understanding potential risks to your business and finding ways to minimize their impacts, you can ensure that your company recovers quickly after an incident.

Of course, risks vary from business to business and across industries, so there is no one-size-fits-all risk management plan. However, the methods for identifying risks and making a management plan are the same.

This guide outlines the steps involved in preparing a risk management plan and a business impact analysis for your organization.


Identifying risks

The first step in preparing a risk management plan is to identify potential risks to your business. This will help you develop appropriate strategies for dealing with them.

This stage requires thinking outside the box and looking beyond the obvious.

  1. Think about your critical business activities, including your key services, resources and staff, and things that could affect them, such as power failures, terrorism, a cyber attack that incapacitates your network, natural disaster and illness.
  2. Brainstorm with staff from various parts of your organization – operations, accounting, legal, logistics and other sections – to identify as many potential risks as possible. Don’t leave anything on the table because it’s too outlandish.
  3. Review your business plan and think about what you couldn’t do without, and what type of incidents could affect these areas.
  4. This includes considering what you would do if:
  • You lost power supply.
  • You had no access to the Internet.
  • Important documents were destroyed.
  • Your facilities were damaged or you were unable to access them.
  • A key supplier was unable to deliver product to you.
  • The area your business is in was hit by a natural disaster.
  5. Consider the worst-case scenario. This could be the result of several incidents occurring simultaneously or as part of a chain reaction. For example, your cold storage warehouse could lose power, which could cause perishables to spoil, which in turn could lead to your restaurant clients’ customers contracting food poisoning.


Formulating responses

Once you’ve identified risks for your business, you should assess the likelihood that they could occur.

A good strategy is to rank risks based on which ones would cause minor problems, through to major ones that would have to be tackled immediately. You should also try to figure out the likelihood of each of these risks occurring by looking at case studies of your industry.

You should correlate this with the damage each of the risks would do to your business should they occur.

With these factors in mind, you can rank the risks you should address first – and go down the list from there.


Risk management plans

You start by implementing strategies to reduce the chances of your top threats occurring in the first place. You can do this through:

  • Quality control processes
  • Auditing
  • Compliance with legislation
  • Staff training
  • Regular maintenance
  • Changing procedures


Next you should formulate responses that you can implement quickly after an incident, such as:

  • Emergency procedures
  • Off-site data backup and storage
  • Identifying alternate suppliers
  • Risk transfer, like outsourcing
  • Cross-training staff so that more than one person knows how to do a certain task
  • Keeping old equipment after it is replaced so you have backup, and practicing doing things manually in case your computer networks or other equipment can’t be used


Secure proper insurance

If you have concerns about any of the risks you have identified and are unsure whether your current insurance would cover them, you should call us.

Here are a few insurance solutions to common risks:

  • Coverage for the loss of income if customers affected by the crisis stop ordering your product or service
  • Coverage for loss of your customers’ goods or materials
  • Coverage to replace lost income if one of your suppliers is hit by a crisis and can’t deliver product to your firm


Think like a risk manager to reduce your insurance costs

All large corporations and national businesses have someone in charge of risk management, if not a whole department.

But hiring a risk specialist or dedicating a number of employees to that kind of work is typically too expensive for most small and mid-sized companies. So, this risk mitigation typically is left to the business owner or the duties are spread among senior managers.

One way that you can reduce the risk to your finances is to purchase appropriate insurance coverage, which can sometimes be expensive. However, if you focus on managing your company’s risks, you can do more than solely reduce the risk of accidents (and having to file claims).

Insurance companies like policyholders that try to manage their risks, and they reward them by reducing their premiums.

You too can reduce the cost of your insurance if you start thinking like a risk manager. In this article we provide you with some tips to do just that.

How far you want to go depends on how much time you want to spend honing your risk management skills. The more you learn, the broader your perspective will be on the various risks that your organization faces.

To start thinking like a risk manager, it helps to organize your risks into categories:


  • Human resources – Employees are your biggest asset, but they can also be one of your biggest liabilities. Businesses are regularly sued by their employees and job applicants for a number of alleged transgressions, such as discrimination, retaliation and hostile work environments. Some people are serial lawsuit filers.
    To reduce the chances of this, you need to screen job applicants and document everything, including candidate searches, interviews, hires, reviews, complaints and behavior or performance issues of your employees, especially if you have to terminate someone.
    Also, promote a culture of safety with regular training, and strive to keep your workers happy, motivated and feeling like they are vested in your enterprise.
  • Property and assets – Fire and theft devastate thousands of American businesses every year. Protect your property with fire and burglar alarms, and take precautions against damage from severe weather.
    Make sure that you keep your company’s data safe (especially any personally identifiable information on your staff and customers, and credit card information).
    Erect firewalls, install virus and malware protection and store vital company data on- and offsite. Develop an emergency response plan in case your data is compromised or if your network fails.
  • Income – This includes any risks that affect your company’s finances and income stream. Keep thorough records and meticulously quantify your costs of goods sold, gross and net income.
    Monitor your accounting and ensure that only a chosen few of your staff have access to your accounts and checkbooks.
    Protect your business income by having a solid supply-chain management plan in place, with connections made with backup suppliers should one of your current suppliers suddenly be unable to provide you with product.
    Have a contingency management plan in place to keep your business operating if disruptions occur due to equipment failure, a breakdown in transportation networks or natural disaster.
  • Liability – Every year there seems to be a new and novel lawsuit threat that companies never knew existed. Make sure that you do all you can to reduce the potential of liabilities to third parties, including vendors and customers and the public at large.
    Identify any hazards on your premises, and train your employees to drive carefully and not endanger your customers or the public.
    Keep your workplace safe, as well. Engage in proactive safety training and a program to identify potential hazards to your staff. Keeping your staff safe and reducing the risk of injuries keeps your workers healthy and safe – and your workers’ comp premium low.
    Have a social media policy with clear do’s and don’ts.


While there is much more that you can do, these tips are a good place to start in thinking like a risk manager and reducing the chances of your firm having to pay more than it should, or being sued.

Finally, consult with us as we can help you identify the biggest risks that your organization faces and what you can do to reduce those risks to a comfortable level.

Remember, insurance is there to pay for many of these issues, but to keep your rates as low as they can be and reduce the potential of fallout, put on your risk manager cap and get to work.



Study Finds Almost All Businesses Hit by Cyber Attacks

A new study has found that the majority of American businesses were victims of cyber attacks in the past year, greatly increasing the security stakes for companies of all sizes.

Risk managers are aware of the increasing threat of cyber attack, but despite that, a majority of them said that they are not doing enough to thwart such an event, according to the study by The Hartford Steam Boiler Inspection and Insurance Company.

The results are eye-opening and a wake-up call for all companies, especially firms that do not have a risk manager on staff.

Worse yet, while in the past the majority of cyber attacks were directed at large businesses and corporations, in the last two years, hackers and cyber criminals have increasingly targeted smaller firms that often do not have the same security measures in place as their larger counterparts.

The biggest concerns facing the businesses whose risk managers were surveyed are protecting the privacy of their employees, customers and vendors, as well as risks associated with cloud computing.


Some of the more significant findings are:

  • Nearly 70% of all businesses surveyed experienced at least one hacking incident in 2014.

QUESTION: How many hacking scares/incidents have you experienced in the last year?

  • 1-5 (37%)
  • 6-10 (10%)
  • 11-15 (4%)
  • More than 15 (18%)
  • None (31%)


  • More than half (55%) of the risk managers don’t believe their company is dedicating enough money or trained and experienced personnel to combat the latest hacking techniques.
  • Most risk managers are concerned about cloud security.

QUESTION: What do you think is the biggest risk when it comes to cloud technology?

  • Loss of confidentiality of information (76%)
  • Service Interruption (16%)
  • Government intrusion (5%)
  • Negative impact on employee satisfaction (e.g. perception of down-time risk) (2%)
  • Lack of service standardization (1%)


  • Personal information is the biggest concern for businesses.

QUESTION: What type of information are you most concerned about being breached?

  • Personally identifiable information (53%)
  • Sensitive corporate information, such as business plans, M&A plans, product development information, marketing (33%)
  • Financial information, banking credentials (14%)


The insurer surveyed risk managers at small, mid-sized and large companies in manufacturing/industrial; retail; financial services; government/military; medical/health care; and education, among others.


Cyber Insurance

As the cyber threat continues to evolve, so do the insurance options available for businesses.

Some trends are starting to become evident in the market, though: rates for retailers, financial and health care-related firms are on the increase, and so are deductibles.

Coverage varies from insurer to insurer, but most policies cover at least the following costs:

  • Forensic investigations.
  • Credit monitoring for affected individuals.
  • Legal fees and settlements.
  • Fines or penalties levied by government agencies.


Pricing will vary depending on your industry as well as the strength of your internal security measures.

Retailers shopping for cyber insurance are coming under pressure to secure their payment systems, just as homeowners are encouraged to install locks on doors and windows.

Insurers are also promoting newer technologies for securing payment card transactions that exceed credit card companies’ requirements, such as tokenization and end-to-end encryption.



Managing Your Internal Supply Chain Risk: Equipment Failure

We’ve had articles about how to protect against and plan for external supply chain risks. These risks are often out of your control as they can affect suppliers or transportation providers, as well as transportation networks and infrastructure.

However, you also have internal supply chain risks, which you are better able to control. These risks can affect a variety of businesses from manufacturers to retailers and restaurants – and any business that has some type of revolving stock.

It could be vital to the survival of your business that you are aware of and prepare for internal risks such as machinery and equipment breakdowns.

Knowing the right steps to take ahead of time can save you from making a bad situation worse or significantly delaying the resumption of operations. All of that, of course, amounts to extra costs for your operation, including the potential for lost revenues.

If you prepare for a failure of a key piece of equipment or machinery, you also won’t be scrambling trying to figure out your next step in times of internal disruption or crisis. Making decisions at such times can often lead to more problems and costs.

Your risk management plan to deal with such failures should include:


1. A list of key equipment

  • Production machinery, including gear sets, motors, compressors, belts and fans.
  • Boilers and pressure vessels.
  • IT and communications systems, including wiring and cables.
  • Electrical equipment or system, including transformers, switch boxes, cables, wiring and motors.


2. An inventory of spare parts

Optimally, you should keep all the key spare and replacement parts for your main systems on site. You can ask the manufacturers or service companies of those systems to assist you in having an emergency inventory on hand.

Still, it may not be feasible to have all items on site. In that case, you should compile a list of the other parts that could break and need replacement, and how to quickly order them from the correct supplier. You should include on this list the cost of those items and delivery times – and update the list at least every year.


3. Plan for renting replacement equipment

As part of your planning, you should obtain quotes from companies that rent out the same type of equipment or machinery that you use, and update the quotes every year. The quotes should include all pricing, such as transportation and set-up fees, as well as the estimated time from ordering to delivery and start-up.

Don’t forget to include alternative suppliers.


4. Repair firms

You should also have at the ready information on the various contractors that are able to repair the equipment that’s broken down. The information should be listed by equipment item and should include contractor capabilities, contact information and availability.

Again, you should update this information every year.


5. Inventory

The dilemma for many businesses is how much inventory to carry. You don’t want to get caught short when it’s time for deliveries, and you don’t want too much of your money tied up unnecessarily in inventory that will go unused for some time.

That said, a certain reserve of inventory to help you continue to supply your customers is a smart move if you want to minimize the disruption of an equipment failure.

You need to analyze your order and delivery schedules and identify an optimum amount of spare inventory to keep on hand to fulfill orders in case of an equipment failure.

Make sure to keep in mind perishability of inventory, if applicable.


Keeping it Safe and Limiting Liability during the Holidays

With year-end festivities about to begin, you should build safety into your holiday plans, whether you are simply decorating the office or throwing a party for your staff.

Since the holiday season or your party is only once a year, it’s easy to overlook safety even though you already incorporate it into the other aspects of your operations.

While you obviously want your staff to relax and have fun at your holiday party, you also want to make sure they get home safely and that nobody gets hurt or sick at your party. This takes planning and consideration.

Some of your safety priorities should be:

  • Liquor consumption,
  • Safety on the premises of your party, and
  • Food-borne illnesses.


Due to their infrequent nature, the liability risks of company-sponsored holiday events are often overlooked. To ensure the health and well-being of all who attend, it is important to be aware of any potential liability concerns that your company may face if the event doesn’t go exactly as planned.



While you want your staff to enjoy themselves, safety should still be your top priority during the holidays.

Keep in mind that if someone trips and injures themselves on an extension cord for your holiday lighting or other decorations, it would be considered work-related and could possibly be subject to workers’ compensation. The same may hold true for injuries sustained at work parties. Consider the following:

  • If you are holding a party outside your premises, you need to inspect the venue first to make sure it meets your safety standards. Some things to keep an eye out for are exits, emergency lighting, and flooring that might prevent slips and falls, particularly if there is a chance of bad weather.
  • Keep an eye on the weather forecast and whether storms are looming on the date of your party. Consider the effects that weather may have on safe travel to and from the event. You may need to make special plans to keep sidewalks and parking lots clear if the event is outside of normal business hours.
  • If you are in an unfamiliar area, do you need security? It’s something to consider.
  • Keep an eye on party-goers to ensure that no one wanders off or goes to their car alone after dark.
  • Prepare an emergency plan in case someone is injured or needs medical assistance. Know where the closest hospital is and if anyone knows how to use a defibrillator or can perform CPR.
  • Do you have employees with disabilities who have special needs? Wheelchair-bound employees should be able to get in and out of any venue you choose.


Other liability issues

Other issues to consider:

  • Applying your workplace policies on behavior, including those on violence, harassment, discrimination and the general code of conduct, even if you’ve chosen a venue other than your workplace. Prior to the event, let employees know the standards to which they will be held.
  • Making sure your staff know that the event is optional and it won’t reflect poorly on their performance evaluation, advancement potential or job security if they don’t attend. All invitations and announcements should emphasize this point.
  • Making sure that the party is not tied to any specific religious tradition and is referred to as a “holiday party.”
  • Monitoring employees’ behavior to ensure that it conforms to company policies. Take prompt action if any activity or behavior exceeds acceptable bounds. For instance, if someone is getting too friendly, carrying mistletoe and asking for kisses from others, you should pull the person aside and discreetly manage the incident before it becomes a bigger issue.
  • Limiting alcohol consumption, which can help avoid impaired decision making and a lowering of inhibitions that can lead to poor behavior.
  • Avoiding activities or items such as mistletoe, a game of Twister, or inappropriate music that could lead to physical contact, unwanted social pressure or inappropriate conversation.
  • Taking complaints that stem from the party seriously. As you would with any other incident, document, investigate and take appropriate action.



Some companies have recognized the liability exposure that alcohol represents and have chosen to hold holiday events free of beer, wine or liquor. If it is to be served, there are some important considerations that can help to limit potential problems:

  • Hold the event at an off-site location and hire professional bartenders who have their own insurance and are certified for alcohol service. Speak with the vendor to determine what protocols it uses to keep from serving minors and others who are visibly intoxicated.
  • Make sure there is an array of choices of non-alcoholic beverages.
  • Don’t have an open bar. Instead, hand out drink tickets to control consumption.
  • Stop serving alcohol at least an hour before the event ends.
  • Keep lots of starchy and high-protein snacks for the party-goers to munch on to slow absorption of alcohol into the bloodstream.
  • Give a supervisor or manager the authority to cut off the serving of alcohol to anyone who is intoxicated.
  • Provide alternative transportation, which may include free cab rides.


A word about insurance

Make sure that any vendors you use carry insurance. Insist on seeing the certificates of insurance with sufficient coverage and liability limits for:

  • Catering firms,
  • Bartending firms,
  • Facilities, or
  • Entertainers.


When reviewing rental contracts, be sure to note whether there are any hold harmless or indemnity agreements that could release the vendor from liability and instead hold your company responsible for losses from situations over which you have no control.

Also, talk to us to make sure that your own insurance policies cover any mishaps that may occur at your company event.
