“Rumors were circulating at Carol’s wholesale business that the sales manager, Tom, was interested in “getting involved” with Christa, the firm’s new salesperson. Christa, on the other hand, had turned down many of Tom’s offers, but Tom’s ego would not let him relent. Carol is concerned Christa will leave, and worse yet, initiate legal action against the business. The company is already working on a thin profit margin, and Carol knows she cannot afford the legal expenses from this or any other sexual harassment claim. What should she do?”
Carol is in a classic Risk Management dilemma: She knows there is a problem, which, if left unaddressed, could financially impact her business. Furthermore, she does not like overreacting to situations, but Carol, like many business owners, is not familiar with “risk management” and equates it to the property and liability insurance she buys from her local agent. In reality, insurance is only one part of risk management.
Using a candy manufacturer as an example, risk management is a continuous process in which people and companies:
- Identify exposures. For example, the candy we manufacture could make people sick.
- Prevent or mitigate claims from operations. For example, let’s implement a quality control program to make sure our candy is of the highest quality.
- Finance/transfer losses that do occur. For example, our products liability insurance will pay for claims due to a bad batch of candy or through a contract, our suppliers will indemnify us for losses due to bad ingredients.
This multi-step process mentions insurance in only one part – financing losses. Companies should keep in mind that their insurance policies are no substitute for a complete risk management program. Why? Because all insurance policies contain exclusions, and unless a risk management analysis has been conducted on your behalf, the policies you have may not be appropriate or adequate, given your operations.
Continuing with the candy manufacturer above, the products liability coverage will respond to bodily injury claims because customers ingest candy containing bad ingredients, but it will not pay expenses incurred for recalling the remaining bad candy from the marketplace. It also will not help you develop a damage control program, which informs the media and general public about how the company will be handling the problem.
What is a Risk Management Analysis?
A Risk Management Analysis is a process that reviews your firm’s operations and “gets to know” your activities inside and out. Without this understanding, it is impossible to assess whether the most appropriate:
- Sexual harassment management policy has been implemented and is followed by all levels of employees.
- Money-handling practices are in place, especially with regard to segregation of duties.
- Insurance coverages have been issued to your firm, such as pollution liability or employment practices liability.
- Services, in types and amounts, have been provided by your agent/broker.
Also included in the Risk Management Analysis process is an examination of your firm’s tolerance for risk. For example, how large of a financial hit could you, or would you, likely take before it seriously affected your ability to run the business? Cyber exposures and how insurance policies may respond (or not) to damages and expenses incurred after being hacked are reviewed, along with the firm’s disaster recovery plan. The company’s procedure with regard to employees using their personal automobiles for business purposes is discussed, along with the limits of their auto liability insurance and how often the driving records of these individuals are reviewed. Finally, external issues, such as the compensation arrangement with your agent/broker and applicable case law impacting your business, are analyzed.
In most cases, the Risk Management Analysis becomes an educational experience for a business. Almost without exception, it reveals issues previously unrecognized by management as “an accident waiting to happen,” and provides suggestions on how to resolve the various concerns.
Risk Management Analysis services are provided by many insurance-related firms. However, these services are most appropriately conducted by an independent risk management professional who, individually or with the firm he/she is employed, does not sell insurance. Objectivity is critical to the integrity of the process. The potential for a conflict of interest exists when the individual in whom you have placed your faith to take care of your insurance needs is asked to review your risk management program – including the appropriateness of the insurance coverages he/she placed on your behalf.
A lot of issues affect an independent business owner’s ability to compete in the marketplace and earn a profit. You have 100 percent control over very few of them, and more than likely you prefer to at least be aware of those that could negatively impact your bottom line. Adding the “Risk Manager” hat to the many others you already wear may seem impossible, but in the long run, the best defense is a good offense. Recognizing the internal activities and external forces that could financially impact you, and how to prevent, mitigate and finance these issues, are key to the long-term survival of your firm.
By Joy M. Gänder, CPCU, ARM
Copyright © 2015 Gänder Consulting Group, LLC
Phone: (608) 286-0286 │Fax: (608) 442-6811