The management of risk within an organization is an important discipline that supports and builds confidence among business leaders in their decision making capabilities. Understanding the threats the organization faces and what measures are taken to mitigate or mange those threats only leads to more qualified and capable leadership.
So what is the risk management process? In its simplest form, it’s a four step process:
1. Identify risk,
2. Develop strategies to handle risk,
3. Implement those strategies, then
4. Evaluate, monitor and adjust accordingly.
I’ll breakdown those steps to better understand how this process can positively impact your organization, but first it may be a good idea to answer the question what is risk?
Well, risk is any situation or occurrence that can cause your business financial or reputational harm. Which is a pretty broad definition so it begs the question: How do you identify risk within your company?
Since risk is often bundled with insurance purchasing or thought of in the same context for mid-market businesses, it’s likely that you’re thinking, “Well, my insurance broker identifies my business risks and writes policies to cover them.” That may be partially true, but think back to how your current policies were written. Did your current broker take copies of the policies you had and replicate them at a lower premium as a means to win over your account? If so, where did the formal process or risk identification take place? In our crazy busy world that process probably didn’t take place. And, it probably didn’t take place when you first took out your policies.
True risk identification takes place as a more formal process; usually as an audit or questionnaire that digs deep and asks questions about how your business functions. Physical inspections of plants and processes are also important to uncover potential risks. Key concepts explored during the process include the flow of goods and services into and out of your company, (inputs/outputs) key relationships, contingent relationships, etc.
The reason it’s important to separate risk identification from pure insurance purchasing is because not all risks will be transferred via insurance, but those risks still exist, so it’s critically important to understand them, measure their threat, prioritize them, and manage them. Further, even if a risk is insured – say automobile liability, it’s still important to understand how to treat the risks associated with a fleet of autos. For example, how do you recruit drivers? Are they tested (drug, driving ability, physical, etc.)? Do you monitor their motor vehicle report during the year? Are there driver training sessions performed during the year? What does the historical loss experience look like?
All of these questions and more help to gauge or identify risk. While auto liability is certainly a risk that is insured it still needs to be managed so that your organization minimizes their Total Cost of Risk
Here’s a simple example of how risk identification goes beyond the simple insurance transaction. During the course of a risk identification audit we asked a client for samples of contracts they signed during the regular course of business. We found that the purchasing department was regularly signing indemnity agreements in favor of the vendors selling the client a product. Those agreements held the seller/vendor harmless from any and all claims of injury that could arise from their product which became integrated into our client’s finished product.
This is something that probably would never have been discovered during the normal “insurance process”, but once uncovered the client realized that they had been accepting liability of others through this arrangement that they didn’t even know was happening. Now the purchasing department must submit all “non-standard” purchase orders through the CFO’s office for review to avoid this potential risk.
As you can see, the risk management process goes well beyond the simple transaction of purchasing insurance. That’s why the large Fortune 500 type companies have whole departments dedicated to Risk Management. To find out how our process which is scaled to the mid-market can reduce costs and provide your leadership more confidence contact me for a no-obligation consultation.